CVE-2007-4546 - Vulnerability Details - OpenCVE

Description

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

Published: 2007-08-27

Score: 5.8 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:x-diesel:unreal_commander:0.92_build565:::::::*
	cpe:2.3:a:x-diesel:unreal_commander:0.92_build573:::::::*

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2007-4529	Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00566.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://osvdb.org/45831
http://securityreason.com/securityalert/3060
http://www.securityfocus.com/archive/1/477432/100/0/threaded
http://www.securityfocus.com/bid/25419

History

No history.

Subscriptions

X-diesel Unreal Commander

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-27T23:00:00.000Z

Updated: 2024-08-07T15:01:09.861Z

Reserved: 2007-08-27T00:00:00.000Z

Link: CVE-2007-4546

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-27T23:17:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2007-4546

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-23T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "45831", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/45831"}, {"name": "3060", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3060"}, {"name": "20070823 X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477432/100/0/threaded"}, {"name": "25419", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25419"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4546", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "45831", "refsource": "OSVDB", "url": "http://osvdb.org/45831"}, {"name": "3060", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3060"}, {"name": "20070823 X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477432/100/0/threaded"}, {"name": "25419", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25419"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.861Z"}, "title": "CVE Program Container", "references": [{"name": "45831", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/45831"}, {"name": "3060", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3060"}, {"name": "20070823 X-Diesel Unreal Commander v0.92 (build 573) multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477432/100/0/threaded"}, {"name": "25419", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25419"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4546", "datePublished": "2007-08-27T23:00:00.000Z", "dateReserved": "2007-08-27T00:00:00.000Z", "dateUpdated": "2024-08-07T15:01:09.861Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:x-diesel:unreal_commander:0.92_build565:*:*:*:*:*:*:*", "matchCriteriaId": "5E10A135-3DEA-4C76-8BDA-28252FE266E0", "vulnerable": true}, {"criteria": "cpe:2.3:a:x-diesel:unreal_commander:0.92_build573:*:*:*:*:*:*:*", "matchCriteriaId": "A38B09DC-7E74-49EE-AA19-E9A542932AEF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation."}, {"lang": "es", "value": "Unreal Commander 0.92 construcci\u00f3n 565 y 573 lista los nombres de archivo desde el directorio central de un archivo ZIP, \t\r\npero extrae los nombres de fichero locales que corresponden a los nombres de los campos en Local File Header en este archivo, el cual podr\u00eda permitir a atacantes remotos enga\u00f1ar a un usuario realizando una sobrescritura o creaci\u00f3n peligrosa de archivos."}], "id": "CVE-2007-4546", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-27T23:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/45831"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3060"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477432/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25419"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/45831"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477432/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25419"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}