CVE-2004-0916

Published: Jan 27, 2005Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. (dot dot) sequences in a filename.

Affected (3)

Products: Cabextract Project: Cabextract

Cabextract Project

1 product

Cabextract

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cabextract Project Cabextract	Version 0.2
Cabextract Project Cabextract	Version 0.6
Cabextract Project Cabextract	Version 1.0

References (10)

http://secunia.com/advisories/12882/

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2004/dsa-574

Source: cve@mitre.org

PatchVendor Advisory

http://www.kyz.uklinux.net/cabextract.php#changes

Source: cve@mitre.org

http://www.securityfocus.com/bid/11460

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/17766

Source: cve@mitre.org

http://secunia.com/advisories/12882/