Lucene search

MitreCVE-2006-6837

HistoryJan 03, 2007 - 2:00 a.m.

CVE-2006-6837

2007-01-0302:00:00

mitre

web.nvd.nist.gov

cve-2006-6837

buffer overflow

remote code execution

iso plugin

total commander

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.116

Percentile

95.3%

JSON

Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.

Affected configurations

Nvd

Node

sergey_oblomoviso_wincmdMatch1.6.10

sergey_oblomoviso_wincmdMatch1.7.3.3

VendorProductVersionCPE
sergey_oblomoviso_wincmd1.6.10cpe:2.3:a:sergey_oblomov:iso_wincmd:1.6.10:*:*:*:*:*:*:*
sergey_oblomoviso_wincmd1.7.3.3cpe:2.3:a:sergey_oblomov:iso_wincmd:1.7.3.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sergey_oblomov	iso_wincmd	1.6.10	cpe:2.3:a:sergey_oblomov:iso_wincmd:1.6.10:::::::*
sergey_oblomov	iso_wincmd	1.7.3.3	cpe:2.3:a:sergey_oblomov:iso_wincmd:1.7.3.3:::::::*

References

secunia.com/advisories/23599

securityreason.com/securityalert/2088

securitytracker.com/id?1017458

vuln.sg/isowincmd173-en.html

vuln.sg/isowincmd173-jp.html

www.securityfocus.com/archive/1/455547/100/0/threaded

www.securityfocus.com/bid/21820

www.vupen.com/english/advisories/2007/0008

exchange.xforce.ibmcloud.com/vulnerabilities/31180

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.116

Percentile

95.3%

JSON

Related for CVE-2006-6837