Lucene search

[email protected]CVE-2007-4962

HistorySep 18, 2007 - 10:17 p.m.

CVE-2007-4962

2007-09-1822:17:00

CWE-22

[email protected]

web.nvd.nist.gov

cve-2007-4962

winimage

vulnerability

directory traversal

remote attackers

code execution

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a … (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected configurations

NVD

Node

winimagewinimageMatch8.0

winimagewinimageMatch8.10

CPENameOperatorVersion
winimage:winimagewinimageeq8.0
winimage:winimagewinimageeq8.10

CPE	Name	Operator	Version
winimage:winimage	winimage	eq	8.0
winimage:winimage	winimage	eq	8.10

References

osvdb.org/40550

secunia.com/advisories/26832

securityreason.com/securityalert/3140

www.securityfocus.com/archive/1/479695/100/0/threaded

www.securityfocus.com/bid/25687

exchange.xforce.ibmcloud.com/vulnerabilities/36663

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.3 High

AI Score

Confidence

High

0.048 Low

EPSS

Percentile

92.8%

JSON

Related for CVE-2007-4962

nvd1 prion1 cvelist1