Unreal Commander is prone to multiple remote vulnerabilities when handling malformed ZIP and RAR archives. These vulnerabilities include a directory-traversal vulnerability, an information-disclosure vulnerability, and a filename-spoofing vulnerability.
An attacker can exploit these issues to compromise the affected computer, overwrite arbitrary files, and obtain sensitive information. Exploits of these issues may lead to other attacks.
Unreal Commander 0.92 (build 565) and 0.92 (build 573) are vulnerable; prior versions may also be affected.