Signature Detail
Short Name |
HTTP:DIR:WINACE-DIR-TRVRS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
WinACE RAR and TAR Directory Traversal |
Release Date |
2011/06/30 |
Update Number |
1948 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: WinACE RAR and TAR Directory Traversal
This signature detects attempts to exploit a known vulnerability in WinACE. It is due to insufficient input validation. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with the privileges of the Administrator user.
Extended Description
Reportedly, an attacker can carry out directory-traversal attacks. These issues present themselves when the application processes malformed archives. A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploitation may aid in further attacks.
Affected Products
- Winace 2.5.0
- Winace 2.60
- Winace 2.6.0 05
References
- BugTraq: 16800
- CVE: CVE-2006-0981