CVE-2007-4843

X-Diesel Unreal Commander 0.92 build 565 and 573 - Path Traversal via FTP Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4843. PoCs published by Gynvael Coldwind.

AI-analyzed exploit summary This PoC demonstrates a directory traversal vulnerability in Unreal Commander via a malicious FTP server. It exploits improper handling of directory listings to write files to arbitrary locations and includes a DoS component.

Description

Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 build 565 and 573 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Gynvael Coldwind · pythonremotewindows

https://www.exploit-db.com/exploits/30569

View Code ZIP pw:eip

This PoC demonstrates a directory traversal vulnerability in Unreal Commander via a malicious FTP server. It exploits improper handling of directory listings to write files to arbitrary locations and includes a DoS component.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: Unreal Commander 0.92 (build 565 and 573)

No auth needed

Prerequisites: Network access to the target · Target must initiate an FTP connection to the attacker's server

MITRE ATT&CK