WinWrapper is a commercial firewall implementation for the Microsoft Windows platform. It is distributed and maintained by ASCII NT.
WinWrapper provides a remote administration interface that runs on port 4096. Due to insufficient validation of input, it is possible for a remote user to traverse local directories on a system via the administrative interface using a classic dot-dot-slash (../) attack.
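The missing check, sketched as a server-side containment test. This is an added example, not code from WinWrapper or the advisory; the base directory, the function name and the sample requests are assumptions, and it covers only the separator, percent-encoding and drive-prefix cases.

```python
import ntpath  # Windows path rules, usable on any host OS
from urllib.parse import unquote

# Hypothetical directory the interface is meant to serve from (assumption).
BASE_DIR = r"C:\WinWrapper\admin"


def resolve_request_path(requested, base_dir=BASE_DIR):
    """Map a requested name to a path under base_dir, or None if it escapes."""
    decoded = unquote(requested)  # so %2e%2e%2f is seen as ../
    if "\x00" in decoded:
        return None
    # Windows accepts both separators; normalise, then make the name relative.
    relative = decoded.replace("/", "\\").lstrip("\\")
    drive, _ = ntpath.splitdrive(relative)
    if drive:  # drive-qualified input such as C:\name or C:name
        return None
    base = ntpath.normpath(base_dir)
    candidate = ntpath.normpath(ntpath.join(base, relative))
    # Compare only after ".." segments are resolved, ignoring case.
    base_key = ntpath.normcase(base)
    cand_key = ntpath.normcase(candidate)
    if cand_key == base_key or cand_key.startswith(base_key + "\\"):
        return candidate
    return None


# Constructed sample requests, not taken from the advisory.
SAMPLES = [
    "index.html",
    "logs/../status.html",
    "../../boot.ini",
    "..\\..\\winnt\\win.ini",
    "%2e%2e%2fboot.ini",
    "..\\admin2\\index.html",
    "C:\\boot.ini",
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:32} -> {resolve_request_path(name)}")
```

The trailing-separator comparison is what rejects a sibling directory such as `admin2`, which a bare prefix match on the base path would accept.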
Information

Bugtraq ID: 3219
Class: Input Validation Error
CVE: CVE-2001-1139
Remote: Yes
Local: No
Published: Aug 22 2001 12:00AM
Updated: Jul 11 2009 07:56AM
Credit: This vulnerability was announced in an SNS Security Advisory on August 22, 2001.

Vulnerable: ASCII NT WinWrapper Professional 2.0
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server Japanese Edition
- Microsoft Windows 95 SR2
- Microsoft Windows 98 SP1
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4

Not Vulnerable: ASCII NT WinWrapper Professional 2.0.1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server Japanese Edition
- Microsoft Windows 95 SR2
- Microsoft Windows 98 SP1
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4

Exploit
No exploit is required for this vulnerability.