Vulnerability in Cabextract_project Cabextract
CVE-2004-0916
Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.
EPSS: 0.036 (87.9th percentile) — read the EPSS interpretation.
Affected products
- Cabextract_project Cabextract — versions 0.2, 0.6, 1.0
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (Patch, x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- cve@mitre.org (vendor-advisory, Patch, x_refsource_DEBIAN, Vendor Advisory)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vdb-entry, x_refsource_BID, Vendor Advisory)