CVE-2002-1139 - OpenCVE

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows Xp Windows Me Windows 98 Plus Pack

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:windows_98_plus_pack::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_xp:::home:::::*
	cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:home:::::

References

Link	Resource
http://www.iss.net/security_center/static/10252.php	Vendor Advisory
http://www.securityfocus.com/bid/5876
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2003-02-26T10:00:00

Reserved: 2002-09-23T00:00:00

Link: CVE-2002-1139

JSON object: View

NVD Information

Status : Modified

Published: 2002-10-11T04:00:00.000

Modified: 2018-10-12T21:31:57.833

Link: CVE-2002-1139

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MS02-054", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}, {"name": "5876", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5876"}, {"name": "win-zip-incorrect-path(10252)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10252.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS02-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}, {"name": "5876", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5876"}, {"name": "win-zip-incorrect-path(10252)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10252.php"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1139", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-23T00:00:00", "dateUpdated": "2003-02-26T10:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "83DE6302-A76A-44C1-A2EC-27FD1B82B9B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}, {"lang": "es", "value": "La caracter\u00edstica de Carpetas Comprimidas en Microsoft Windows 98 con el paquete Plus!, Windows Me, y Windows XP no comprueba adecuadamente la carpeta de destino durante la descompresi\u00f3n de ficheros ZIP, lo que permite a atacantes remotos poner un fichero ejecutable en una lugar conocido en el sistema del usuario, tambi\u00e9n conocida como \"Ruta Objetivo Incorrecta en Descompresi\u00f3n de Ficheros Zipeados\"."}], "id": "CVE-2002-1139", "lastModified": "2018-10-12T21:31:57.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-10-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10252.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5876"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}