VYPR
Unrated severityNVD Advisory· Published Aug 27, 2007· Updated Jun 16, 2026

CVE-2007-4546

CVE-2007-4546

Description

Unreal Commander 0.92 build 565 and 573 lists the filenames from the Central Directory of a ZIP archive, but extracts to local filenames corresponding to names in Local File Header fields in this archive, which might allow remote attackers to trick a user into performing a dangerous file overwrite or creation.

Affected products

3
  • cpe:2.3:a:x-diesel:unreal_commander:0.92_build565:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:x-diesel:unreal_commander:0.92_build565:*:*:*:*:*:*:*
    • cpe:2.3:a:x-diesel:unreal_commander:0.92_build573:*:*:*:*:*:*:*
  • Range: 0.92 build 565 and 573

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.