Sep 18, 2007 - 10:17 p.m.

CVE-2007-4963

2007-09-18 22:17:00
web.nvd.nist.gov
cve-2007-4963
visual truncation
winimage
remote attackers
spoofing
directory traversal
arbitrary files
nvd

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.7 Medium
Confidence: High

EPSS: 0.007 Low
Percentile: 80.4%

Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.

Affected configurations

NVD
Node
winimage winimage Match 8.0
OR
winimage winimage Match 8.10

