VULNERABILITIES / FIXES - September 19, 2012
by Carol~ - 9/19/12 4:43 AM
Release Date : 2012-09-19
Criticality level : Less critical
Impact: Exposure of sensitive information
Where : From local network
Solution Status : Unpatched
Software: WinTR 4.x
A vulnerability has been reported in WinTr, which can be exploited by malicious people to disclose potentially sensitive information.
Certain unspecified input is not properly verified within the web server before being used to access files. This can be exploited to read arbitrary files via directory traversal sequences.
The vulnerability is reported in version 4.0.5 and prior.
No official solution is currently available.
Provided and/or discovered by:
ICS-CERT credits Daiki Fukumori, Cyber Defense Institute.