CVE-2007-4546 in Unreal Commanderinfo

Summary

by MITRE

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 11/01/2017

This vulnerability exists in Unreal Commander versions 0.92 build 565 and 573 where the application exhibits inconsistent handling of ZIP archive file extraction behavior. The flaw manifests when the software processes ZIP archives containing files with different names in the Central Directory versus the Local File Header fields. The application displays filenames from the Central Directory during archive listing operations but subsequently extracts files using the names specified in the Local File Header fields. This discrepancy creates a potential security risk where attackers can craft malicious ZIP archives designed to exploit this inconsistency.

The technical nature of this vulnerability stems from improper validation and inconsistent interpretation of archive metadata. When a ZIP archive contains files with different names in the Central Directory and Local File Header, the application's extraction mechanism fails to maintain consistency between the display and actual extraction behavior. This inconsistency can be exploited by attackers to create deceptive archive contents that appear benign during listing but perform malicious actions during extraction. The vulnerability is classified as a directory traversal or file overwrite issue that can lead to unauthorized file creation or modification in the target system.

From an operational impact perspective, this vulnerability enables remote attackers to perform dangerous file overwrite operations or create unexpected files on the victim's system. The attack vector typically involves a user opening a maliciously crafted ZIP archive, where the archive listing appears normal but the actual extraction process overwrites existing files or creates new ones in unintended locations. This behavior can lead to system compromise through overwriting critical system files, creating backdoors, or corrupting important data. The vulnerability is particularly concerning in environments where users frequently handle untrusted archive files from email attachments, download sites, or other unverified sources.

Security practitioners should consider this vulnerability in the context of CWE-22, which addresses directory traversal attacks, and CWE-73, which covers external control of filename or path. The ATT&CK framework categorizes this behavior under T1059.007 for execution through command and scripting interpreter and potentially T1021.002 for remote services. Mitigation strategies include updating to patched versions of Unreal Commander, implementing strict file extraction policies, using sandboxed environments for archive processing, and educating users about the risks of opening untrusted archive files. Organizations should also consider deploying network-based intrusion detection systems that can identify suspicious archive content patterns and implementing application whitelisting controls to restrict execution of vulnerable software versions.

Reservation

08/27/2007

Disclosure

08/27/2007

Moderation

accepted

Entry

VDB-38522

CPE

ready

Exploit

Download

EPSS

0.01843

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!