CVE-2006-2100

Magic ISO Maker < 5.0_build_0166 - Directory Traversal and Arbitrary File Write via ISO Image Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2100. PoCs published by Sowhat.

AI-analyzed exploit summary The provided text describes a directory traversal vulnerability in MagicISO version 5.0 Build 0166, where malicious archives can be used to overwrite files on the target system. The exploit details are referenced from SecurityFocus and ExploitDB, but no actual exploit code is included.

Description

Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sowhat · textremotewindows

https://www.exploit-db.com/exploits/27759

View Code ZIP pw:eip

The provided text describes a directory traversal vulnerability in MagicISO version 5.0 Build 0166, where malicious archives can be used to overwrite files on the target system. The exploit details are referenced from SecurityFocus and ExploitDB, but no actual exploit code is included.

Classification

Writeup 80%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: MagicISO version 5.0 Build 0166

No auth needed

Prerequisites: Malicious archive file · User interaction to open the archive

MITRE ATT&CK