fkie_cve-2013-4988
Vulnerability from fkie_nvd
Published
2013-12-13 18:07
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2013-12/0046.htmlExploit
cve@mitre.orghttp://osvdb.org/100826
cve@mitre.orghttp://packetstormsecurity.com/files/124380/IcoFX-2.5.0.0-Buffer-Overflow.htmlExploit
cve@mitre.orghttp://packetstormsecurity.com/files/162995/IcoFX-2.6-Buffer-Overflow.html
cve@mitre.orghttp://seclists.org/fulldisclosure/2013/Dec/54Exploit
cve@mitre.orghttp://secunia.com/advisories/55964Vendor Advisory
cve@mitre.orghttp://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerabilityExploit
cve@mitre.orghttp://www.exploit-db.com/exploits/30208Exploit
cve@mitre.orghttp://www.securityfocus.com/bid/64221
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/89611
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2013-12/0046.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/100826
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/124380/IcoFX-2.5.0.0-Buffer-Overflow.htmlExploit
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/162995/IcoFX-2.6-Buffer-Overflow.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2013/Dec/54Exploit
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55964Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerabilityExploit
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/30208Exploit
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64221
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89611
Impacted products
Vendor Product Version
icofx icofx *
icofx icofx 1.6
icofx icofx 1.6.1
icofx icofx 1.6.2
icofx icofx 1.6.3
icofx icofx 1.6.4
icofx icofx 2.0
icofx icofx 2.1
icofx icofx 2.2
icofx icofx 2.3
icofx icofx 2.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:icofx:icofx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A644399-B178-4C2D-B581-2F221FF89C30",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "94267A33-6808-4CB0-A88C-EF03BA96CF19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E5004A-9972-4D12-B26E-D9DA3F003DB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31C6390-5303-450A-B40F-BA6113755CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DF9D133-DFDD-47D8-8D1D-9C403B26D6FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0741A995-D610-4783-A02E-5C70E3CBA7BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F68494D-C223-4130-B788-C239D6B4DD40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B7D6B1-F722-4796-AA5B-BCF714D81038",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F1A18E-14D3-4FFF-995C-C21FAEDFEF95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D37DC35-36C0-4629-B182-B27092996246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:icofx:icofx:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "02EB38CA-40E2-44C1-A589-FFD8E72E1410",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file.  NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Buffer overflow de pila en IcoFX 2.5 y anteriores permite a atacantes remotos ejecutar c\u00f3digo de forma arbitraria a trav\u00e9s de un valor idCount largo en una estructura ICONDIR en un archivo ICO.\nNOTA: Algunos de estos detalles han sido obtenidos de terceras partes."
    }
  ],
  "id": "CVE-2013-4988",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-12-13T18:07:51.373",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0046.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/100826"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124380/IcoFX-2.5.0.0-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://packetstormsecurity.com/files/162995/IcoFX-2.6-Buffer-Overflow.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/54"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55964"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30208"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/64221"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/100826"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/124380/IcoFX-2.5.0.0-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://packetstormsecurity.com/files/162995/IcoFX-2.6-Buffer-Overflow.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://seclists.org/fulldisclosure/2013/Dec/54"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/55964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.coresecurity.com/advisories/icofx-buffer-overflow-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.exploit-db.com/exploits/30208"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/64221"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89611"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.