CVE-2008-0946 Information

Description

Directory traversal vulnerability in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to create arbitrary empty files via a .. (dot dot) in the recipient field.

Reference

http://aluigi.altervista.org/adv/ipsimene-adv.txt http://aluigi.org/poc/ipsimene.zip http://securityreason.com/securityalert/3697 http://www.securityfocus.com/archive/1/487748/100/200/threaded http://www.securityfocus.com/bid/27677