Lucene search

[email protected]CVE-2007-4464

HistoryAug 21, 2007 - 9:17 p.m.

CVE-2007-4464

2007-08-2121:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-4464

crlf injection

fileinfo

total commander

remote attack

spoofing

forensics

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.

Affected configurations

NVD

Node

fransois_gannierfileinfo_pluginMatch2.09

ghislertotal_commander

CPENameOperatorVersion
fransois_gannier:fileinfo_pluginfransois gannier fileinfo plugineq2.09
ghisler:total_commanderghisler total commandereq*

CPE	Name	Operator	Version
fransois_gannier:fileinfo_plugin	fransois gannier fileinfo plugin	eq	2.09
ghisler:total_commander	ghisler total commander	eq	*

References

blog.hispasec.com/lab/230

blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt

osvdb.org/46834

securityreason.com/securityalert/3044

www.securityfocus.com/archive/1/477170/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/36127

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2007-4464

nvd1 cvelist1 prion1