CVE-2002-1139

high

Description

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

http://www.securityfocus.com/bid/5876

http://www.iss.net/security_center/static/10252.php

Details

Source: Mitre, NVD

Published: 2002-10-11

Updated: 2018-10-12

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Severity: High