[Original text] Absolute path traversal vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote registered users to execute arbitrary code by uploading a malicious file to the Windows startup folder.
Easy File Sharing Web Server Full Path Request Arbitrary File Upload
Remote / Network Access
Loss of Integrity
Easy File Sharing Web Server contains a flaw that may allow a malicious user to upload files to arbitrary locations on the filesystem with the same privileges as the server. The issue is triggered when a user uploads a file to a URL such as http://[target]/disk_c/Documents%20and%20Settings/All%20Users/Start%20Menu/Programs/Startup. The flaw may allow arbitrary code execution when a new file is placed in a startup folder, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
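The class of check that prevents this kind of upload, shown as an added example that is not code from Easy File Sharing Web Server or from this advisory. `UPLOAD_ROOT`, `naive_destination` (an assumed model of how a `disk_c` segment could become a drive path) and `safe_destination` are hypothetical names; only the request path is taken from the text above.

```python
import ntpath
from urllib.parse import unquote

# Hypothetical upload root; the real server's layout is not given on the page.
UPLOAD_ROOT = r"C:\efs_data\uploads"


class UploadRejected(ValueError):
    """Raised when a request path must not be used as an upload destination."""


def naive_destination(url_path):
    # Assumed model of the flaw: a leading "disk_<letter>" segment is treated
    # as a drive alias, so the client picks an absolute path.
    segs = [s for s in unquote(url_path).split("/") if s]
    if segs and segs[0].lower().startswith("disk_") and len(segs[0]) == 6:
        return ntpath.join(segs[0][5].upper() + ":\\", *segs[1:])
    return ntpath.join(UPLOAD_ROOT, *segs)


def safe_destination(url_path, root=UPLOAD_ROOT):
    decoded = unquote(url_path)
    if "\x00" in decoded:
        raise UploadRejected("NUL byte in path")
    # Treat both separators alike, since Windows accepts either.
    segs = [s for s in decoded.replace("\\", "/").split("/") if s]
    for seg in segs:
        # ".." climbs out of the root; ":" covers drive letters and NTFS streams.
        if seg in (".", "..") or ":" in seg:
            raise UploadRejected("illegal segment: %r" % seg)
    candidate = ntpath.normpath(ntpath.join(root, *segs))
    # Final containment check on the normalised, case-folded result.
    root_cf = ntpath.normcase(ntpath.normpath(root))
    cand_cf = ntpath.normcase(candidate)
    if cand_cf != root_cf and not cand_cf.startswith(root_cf + "\\"):
        raise UploadRejected("destination escapes upload root")
    return candidate


# Request path taken from the advisory text above.
ADVISORY_PATH = ("/disk_c/Documents%20and%20Settings/All%20Users/"
                 "Start%20Menu/Programs/Startup")

if __name__ == "__main__":
    print("naive:", naive_destination(ADVISORY_PATH))
    print("safe: ", safe_destination(ADVISORY_PATH))
```

With the hardened mapping, the advisory's request path resolves to an ordinary subdirectory named `disk_c` under the upload root, and any segment that names a drive or climbs upward is refused.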