CVE-2007-2758 - Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbit

CVE-2007-2758

Summary

Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal.

References

Vulnerable Configurations

cpe:2.3:a:winimage:winimage:8.0.8000:*:*:*:*:*:*:*
cpe:2.3:a:winimage:winimage:8.0.8000:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 29-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	24026
misc	http://vuln.sg/winimage808000-en.html
osvdb	36081 36082
secunia	25277
vupen	ADV-2007-1854
xf	winimage-fat-directory-bo(34360) winimage-fat-file-bo(34359)

Last major update

29-07-2017 - 01:31

Published

18-05-2007 - 22:30

Last modified

29-07-2017 - 01:31