Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!
FastStone 4in1 Browser Web Server Directory Traversal
- 0
- Add a Comment
- No Related Post
Donato Ferrante has reported a vulnerability in FastStone 4in1 Browser, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to an input validation error in the built-in web server, making it possible to disclose the content of arbitrary files via directory traversal attacks.
Example:
http://[victim]/..\..\..\..\..\..\..\..\[file]
The vulnerability has been reported in version 1.2. Prior versions may also be affected.
Solution: Update to version 1.3.
Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: FastStone 4in1 Browser 1.x