[36884] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Microsoft cabarc directory traversal

daemon@ATHENA.MIT.EDU (Jelmer)
Tue Oct 12 12:21:12 2004

Date: Tue, 12 Oct 2004 15:56:35 +0200
From: Jelmer <jkuperus@planet.nl>
To: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
Message-id: <0I5H003IR5EDFG@smtp18.wxs.nl>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7BIT

Description:

Cabarc is a command line tool to create and extract cabinet files (.cab) it
is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip,
unarj etc..

Technical Details:

..\file fails

../file defeats the protection

Demonstration:

http://62.131.86.111/security/cabarc/demo.cab

Risk : low


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[36884] in bugtraq

Microsoft cabarc directory traversal

daemon@ATHENA.MIT.EDU (Jelmer)Tue Oct 12 12:21:12 2004

daemon@ATHENA.MIT.EDU (Jelmer)
Tue Oct 12 12:21:12 2004