FastStone 4in1 Browser Web Server Directory Traversal

Posted on Mar 30, 2005

Secunia Advisory: SA14743

Donato Ferrante has reported a vulnerability in FastStone 4in1 Browser, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused by an input validation error in the built-in web server, which makes it possible to disclose the contents of arbitrary files via directory traversal attacks.

Example:

http://[victim]/..\..\..\..\..\..\..\..\[file]

The vulnerability has been reported in version 1.2. Prior versions may also be affected.

Solution: Update to version 1.3.
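
The input validation a file-serving web server needs against the `..\` pattern shown above, as an added example that is not part of the advisory and not the vendor's code or fix. The document root `/srv/www`, the file name `secret.txt` and the function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www"  # assumed document root (constructed for this example)


class TraversalError(ValueError):
    """Raised when a request path would leave the document root."""


def resolve_request_path(request_path, doc_root=DOC_ROOT):
    """Map the path from an HTTP request line to a file under doc_root."""
    # Drop the query string, then decode %xx escapes exactly once.
    raw = unquote(request_path.split("?", 1)[0])
    if "\x00" in raw:
        raise TraversalError("NUL byte in path")
    # Windows file APIs accept both separators, so treat '\' as '/' before
    # checking; a filter that only looks for '../' lets '..\' through.
    segments = [s for s in raw.replace("\\", "/").split("/") if s not in ("", ".")]
    for seg in segments:
        if seg == "..":
            raise TraversalError("parent-directory segment")
        if ":" in seg:  # drive letters (C:) and NTFS stream names
            raise TraversalError("colon in path segment")
    root = posixpath.normpath(doc_root)
    candidate = posixpath.normpath(posixpath.join(root, *segments))
    # Defense in depth: the resolved path must still sit under the root.
    if candidate != root and not candidate.startswith(root + "/"):
        raise TraversalError("resolved path escapes document root")
    return candidate


def is_allowed(request_path):
    """True when the request path resolves inside the document root."""
    try:
        resolve_request_path(request_path)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # Constructed request paths; secret.txt stands in for the advisory's [file].
    for p in ["/images/photo.jpg", "/..\\..\\..\\secret.txt",
              "/%2e%2e%5c%2e%2e%5csecret.txt", "/../secret.txt", "/C:\\secret.txt"]:
        print(f"{p!r:40} -> {'serve' if is_allowed(p) else 'reject'}")
```

The decoded path must not be percent-decoded again by a later layer, otherwise a doubly encoded `..` segment would pass this check as a literal file name and be reinterpreted afterwards.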

[Secunia Advisory: SA14743]

Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: FastStone 4in1 Browser 1.x

  • http://twitter.com/jeowd Joseph

    Bought a keyboard after seeing this video. I needed one with more space between the keys, unsure about the mice, but I just wanted the keyboard.
