CVE-2002-1139 - OpenCVE

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Microsoft	Windows 98 Plus Pack Windows Me Windows Xp

Configuration 1 [-]

OR	cpe:2.3:a:microsoft:windows_98_plus_pack::::::::
	cpe:2.3:o:microsoft:windows_me::::::::
	cpe:2.3:o:microsoft:windows_xp:::home:::::*
	cpe:2.3:o:microsoft:windows_xp::gold:professional:::::
	cpe:2.3:o:microsoft:windows_xp::sp1:home:::::

No data.

References

Link	Providers
http://www.iss.net/security_center/static/10252.php
http://www.securityfocus.com/bid/5876
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2004-09-01T04:00:00

Updated: 2024-08-08T03:12:17.130Z

Reserved: 2002-09-23T00:00:00

Link: CVE-2002-1139

Vulnrichment

No data.

NVD

Status : Modified

Published: 2002-10-11T04:00:00.000

Modified: 2018-10-12T21:31:57.833

Link: CVE-2002-1139

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2003-02-26T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "MS02-054", "tags": ["vendor-advisory", "x_refsource_MS"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}, {"name": "5876", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/5876"}, {"name": "win-zip-incorrect-path(10252)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/10252.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1139", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MS02-054", "refsource": "MS", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}, {"name": "5876", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5876"}, {"name": "win-zip-incorrect-path(10252)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10252.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T03:12:17.130Z"}, "title": "CVE Program Container", "references": [{"name": "MS02-054", "tags": ["vendor-advisory", "x_refsource_MS", "x_transferred"], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}, {"name": "5876", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/5876"}, {"name": "win-zip-incorrect-path(10252)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/10252.php"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1139", "datePublished": "2004-09-01T04:00:00", "dateReserved": "2002-09-23T00:00:00", "dateUpdated": "2024-08-08T03:12:17.130Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_98_plus_pack:*:*:*:*:*:*:*:*", "matchCriteriaId": "83DE6302-A76A-44C1-A2EC-27FD1B82B9B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*", "matchCriteriaId": "799DA395-C7F8-477C-8BC7-5B4B88FB7503", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*", "matchCriteriaId": "BC176BB0-1655-4BEA-A841-C4158167CC9B", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*", "matchCriteriaId": "4BF263CB-4239-4DB0-867C-9069ED02CAD7", "vulnerable": true}, {"criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*", "matchCriteriaId": "49693FA0-BF34-438B-AFF2-75ACC8A6D2E6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka \"Incorrect Target Path for Zipped File Decompression.\""}, {"lang": "es", "value": "La caracter\u00edstica de Carpetas Comprimidas en Microsoft Windows 98 con el paquete Plus!, Windows Me, y Windows XP no comprueba adecuadamente la carpeta de destino durante la descompresi\u00f3n de ficheros ZIP, lo que permite a atacantes remotos poner un fichero ejecutable en una lugar conocido en el sistema del usuario, tambi\u00e9n conocida como \"Ruta Objetivo Incorrecta en Descompresi\u00f3n de Ficheros Zipeados\"."}], "id": "CVE-2002-1139", "lastModified": "2018-10-12T21:31:57.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-10-11T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.iss.net/security_center/static/10252.php"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/5876"}, {"source": "cve@mitre.org", "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}