14 DAY TRIAL // A flaw in Total Commander 7.01 (that may affect prior versions as well) can allow a malicious user to upload any file he likes, anywhere he likes on your computer. Of course, having this vulnerability you could get some serious infections on your machine and there's no telling what they're limited to.
To say it in techie tongue, as I've seen on SecurityFocus, the program is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Basically a sanitization is a removal of sensitive (classified) data from an information system, a database, or an extract from a database. As for directory-traversal, this is a specific exploit for insufficient security validation/ sanitization and it makes characters representing "traverse to parent directory" pass through the file APIs. You may read more about it and even see some examples here.
A solution for this problem already exists and consists of uploading Total Commander to the later version 7.02. You may download it safely from our site, by clicking this link. Update to the latest version and don't let others mess around with your computer! If left unfixed, the exploit of this flaw could lead to nasty consequences!
It works on all versions of Windows (including Vista) and its shareware. You can try it for 30 days and then you will have to buy it for $34 or it will just keep nagging you about its trial period being done. This is a great program if you have two operating systems on your machine - you can access files on the Linux partition while booting with Windows, using this software.
If you want to read more about this program and see what new features the 7.02 brings, you may click this link - that's the official vendor's website.