Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:6972
HistoryOct 13, 2004 - 12:00 a.m.

Microsoft cabarc directory traversal

2004-10-1300:00:00
vulners.com
12

Description:

Cabarc is a command line tool to create and extract cabinet files (.cab) it
is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip,
unarj etc…

Technical Details:

…\file fails

…/file defeats the protection

Demonstration:

http://62.131.86.111/security/cabarc/demo.cab

Risk : low