CVE-2002-1139 Information

Description

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack Windows Me and Windows XP does not properly check the destination folder during the decompression of ZIP files which allows attackers to place an executable file in a known location on a user’s system aka \Incorrect Target Path for Zipped File Decompression.\

Reference

http://www.iss.net/security_center/static/10252.php http://www.securityfocus.com/bid/5876 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054