Lucene search

[email protected]CVE-2007-2758

HistoryMay 18, 2007 - 10:30 p.m.

CVE-2007-2758

2007-05-1822:30:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2007-2758

winimage

buffer overflow

remote code execution

fat image

8.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.106 Low

EPSS

Percentile

95.0%

JSON

Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal.

CPENameOperatorVersion
winimage:winimagewinimageeq8.0.8000

CPE	Name	Operator	Version
winimage:winimage	winimage	eq	8.0.8000

References

osvdb.org/36081

osvdb.org/36082

secunia.com/advisories/25277

vuln.sg/winimage808000-en.html

www.securityfocus.com/bid/24026

www.vupen.com/english/advisories/2007/1854

exchange.xforce.ibmcloud.com/vulnerabilities/34359

exchange.xforce.ibmcloud.com/vulnerabilities/34360

8.8 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.106 Low

EPSS

Percentile

95.0%

JSON

Related for CVE-2007-2758

prion1