CVE-2005-0161

e-merge unace 1.2b - Directory Traversal and Arbitrary File Write via ACE Archive

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0161. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary This is a writeup describing a directory-traversal vulnerability in Winace unace, where malicious ACE archives can write files to arbitrary locations on the filesystem. The vulnerability is client-side and requires user interaction to extract the archive.

Description

Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Ulf Harnhammar · textremotelinux
https://www.exploit-db.com/exploits/25150

This is a writeup describing a directory-traversal vulnerability in Winace unace, where malicious ACE archives can write files to arbitrary locations on the filesystem. The vulnerability is client-side and requires user interaction to extract the archive.

Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Theoretical
Target: Winace unace (version not specified)
No auth needed
Prerequisites: User interaction to extract a malicious ACE archive
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14359
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12628
Vendor Advisory mailing-list x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2005_16_sr.html

Scores

EPSS 0.0113
EPSS Percentile 62.2%

Details

Status published
Products (1)
e-merge/unace 1.2b
Published Feb 22, 2005
Tracked Since Feb 18, 2026