ID CVE-2007-4963
Summary Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.
References
Vulnerable Configurations
  • cpe:2.3:a:winimage:winimage:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winimage:winimage:8.10:*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 15-10-2018 - 21:38)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bugtraq
  • 20070915 WinImage 8.10 vulnerabilities
  • 20070918 A little advisory content correction.
osvdb 45948
sreason 3140
Last major update 15-10-2018 - 21:38
Published 18-09-2007 - 22:17
Last modified 15-10-2018 - 21:38