FastStone 4in1 Browser Arbitrary File Access Vulnerability

vendor:

4in1 Browser

by:

SecurityFocus

7.5

CVSS

HIGH

Arbitrary File Access

CWE

Product Name: 4in1 Browser

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:faststone:4in1_browser

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2005

FastStone 4in1 Browser Arbitrary File Access Vulnerability

A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files. This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

Mitigation:

Upgrade to the latest version of FastStone 4in1 Browser

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12937/info

A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2, previous versions might also be affected. 

http://www.example.com/.../.../.../.../.../.../windows/system.ini
http://www.example.com/..\..\..\..\..\..\..\..\windows/system.ini