cabextract '.cab' File Code Execution Vulnerability

cabextract is prone to an arbitrary code-execution vulnerability because the application fails to correctly handle certain '.cab' files in test archive mode.

Attackers can exploit this issue to execute arbitrary code or cause denial-of-service conditions.

cabextract version 1.2 is vulnerable; other versions may also be affected.

Note: The vulnerability occurs only if the application is run in test archive mode.


 

Privacy Statement
Copyright 2010, SecurityFocus