Vulnerability CVE-2002-1139


Published: 2002-10-11   Modified: 2012-02-12

Description:
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Microsoft -> Windows 98 plus pack 
Microsoft -> Windows me 
Microsoft -> Windows xp 

 References:
http://www.iss.net/security_center/static/10252.php
http://www.securityfocus.com/bid/5876
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

Copyright 2021, cxsecurity.com

 

Back to Top