1. CVE-Search
  2. CVE-2006-3178
ID CVE-2006-3178
Summary Directory traversal vulnerability in extract_chmLib example program in CHM Lib (chmlib) before 0.38 allows remote attackers to overwrite arbitrary files via a CHM archive containing files with a .. (dot dot) in their filename. Upgrade to version 0.38
References
Vulnerable Configurations
  • cpe:2.3:a:jed_wing:chm_lib:*:*:*:*:*:*:*:*
    cpe:2.3:a:jed_wing:chm_lib:*:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 20-07-2017 - 01:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:N
refmap via4
bid 18511
confirm http://morte.jedrea.com/~jedwin/projects/chmlib/
debian DSA-1144
osvdb 26636
sectrack 1016343
secunia
  • 20734
  • 21406
vupen ADV-2006-2430
xf chmlib-extract-directory-traversal(27278)
Last major update 20-07-2017 - 01:32
Published 23-06-2006 - 00:02
Last modified 20-07-2017 - 01:32
Back to Top