Offline Explorer Exposes System Files

 
Reported May 19 by Wyzewun

VERSIONS AFFECTED
MetaProducts Offline Explorer 1.3.241

DESCRIPTION

Offline Explorer starts a service on port 800 that allows a Web user's cache to be viewed remotely. The service is vulnerable to directory traversal, which allows a remote user to connect to a system and view files outside of the cache directory using long-known "GET ..\.." command sequences.
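
A containment check of the kind a cache-serving service needs in order to refuse such requests, given here as an added example (not code from MetaProducts or from this advisory). The cache path, the function name resolve_in_cache and the sample requests are assumptions constructed for illustration; ntpath is used so the Windows path rules apply on any platform.

```python
import ntpath
from urllib.parse import unquote

# Assumed cache location; the advisory does not name the real path.
CACHE_ROOT = r"C:\OfflineExplorer\Cache"


def resolve_in_cache(request_path, root=CACHE_ROOT):
    """Map a requested URL path to a file under root, or None if it escapes."""
    # Decode percent-escapes first so %2e%2e%5c is judged as "..\".
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None
    # Windows accepts both separators, so "..\.." and "../.." are equivalent.
    relative = decoded.replace("/", "\\").lstrip("\\")
    # A drive letter would make ntpath.join discard the cache root entirely.
    if ntpath.splitdrive(relative)[0]:
        return None
    candidate = ntpath.normpath(ntpath.join(root, relative))
    # Compare whole path components, case-insensitively. A plain string
    # prefix test would wrongly accept a sibling such as "...\CacheOther".
    root_cmp = ntpath.normcase(ntpath.normpath(root))
    cand_cmp = ntpath.normcase(candidate)
    if ntpath.commonpath([root_cmp, cand_cmp]) != root_cmp:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        "/site/index.html",
        "/site/../site/logo.gif",
        "/..\\..\\other\\file.txt",
        "/%2e%2e%5c%2e%2e%5cother%5cfile.txt",
        "/..\\CacheOther\\file.txt",
        "/D:\\other\\file.txt",
    ]
    for s in samples:
        print(f"{s!r:45} -> {resolve_in_cache(s)}")
```
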

VENDOR RESPONSE

MetaProducts is aware of this matter; however, no response was known at the time of this writing.

CREDITS
Discovered and reported by Wyzewun
