header-logo
Suggest Exploit
vendor:
Unace
by:
SecurityFocus
7.5
CVSS
HIGH
Directory-Traversal
22
CWE
Product Name: Unace
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Winace Unace Client-Side Directory-Traversal Vulnerability

A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives. An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.

Mitigation:

Ensure that all user-supplied input is validated before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12628/info

A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives.

An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25150.zip

Navigation

Suggest Exploit

Services By CQR