CVE-2002-1139

medium

Microsoft

CVSS v3 Base Score

5.0

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Score

20.2%

Exploitation probability in 30 days

Top 4% most likely to be exploited

Attack Characteristics

Attack Vector

Network

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: October 11, 2002 (8616 days ago)

Last Modified: April 16, 2026

Vendor: Microsoft

Source: NVD

Description

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

CWE

NVD-CWE-Other

Affected Products

microsoft windows 98 plus packmicrosoft windows memicrosoft windows xp

References

🔗 www.iss.net 🔗 www.securityfocus.com 🔗 docs.microsoft.com 🔗 www.iss.net 🔗 www.securityfocus.com

CVE-2002-1139

Vulnerability Report

Description

CWE

Affected Products

References