TUCoPS :: Windows :: hack2547.htm

Microsoft cabarc directory traversal
Microsoft cabarc directory traversal

Description:

Cabarc is a command line tool to create and extract cabinet files (.cab) it
is included in the Windows Support Tools package
It is subject to a directory traversal bug similar to those found in unzip,
unarj etc..

Technical Details:

..\file fails

../file defeats the protection

Demonstration:

http://62.131.86.111/security/cabarc/demo.cab 

Risk : low


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH