alt-n WorldClient standard 2.1 - Directory Traversal

Author: Rikard Carlsson
type: remote
platform: windows
port: 
date_added: 2000-07-12 
date_updated: 2012-07-24 
verified: 1 
codes: CVE-2000-0660 ;OSVDB-1459 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/1462/info

The HTTP interface for WorldClient 2.1 is vulnerable to a directory traversal. By requesting a URL composed of the filename and ..\ it is possible for a remote user to retrieve and dowload any file of known location.

Example:
http://email.victim.com/..\..\..\winnt\repair\sam._