Short Name |
HTTP:DIR:WINACE-DIR-TRVRS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WinACE RAR and TAR Directory Traversal |
Release Date |
2011/06/30 |
Update Number |
1948 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in WinACE. It is due to insufficient input validation. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with the privileges of the Administrator user.
Reportedly, an attacker can carry out directory-traversal attacks. These issues present themselves when the application processes malformed archives. A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploitation may aid in further attacks.