Lucene search

[email protected]CVE-2007-4547

HistoryAug 27, 2007 - 11:17 p.m.

CVE-2007-4547

2007-08-2723:17:00

[email protected]

web.nvd.nist.gov

cve-2007-4547

unreal commander

memory contents

information security

vulnerability

file extraction

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.4%

JSON

Unreal Commander 0.92 build 565 and 573 writes portions of heap memory into local files when extracting from an archive with malformed size information in a file header, which might allow user-assisted attackers to obtain sensitive information (memory contents) by reading the extracted files. NOTE: this issue is only a vulnerability if Unreal is run with privileges, or if the extracted files are made accessible to other users.

Affected configurations

NVD

Node

x-dieselunreal_commanderMatch0.92_build565

x-dieselunreal_commanderMatch0.92_build573

CPENameOperatorVersion
x-diesel:unreal_commanderx-diesel unreal commandereq0.92_build565
x-diesel:unreal_commanderx-diesel unreal commandereq0.92_build573

CPE	Name	Operator	Version
x-diesel:unreal_commander	x-diesel unreal commander	eq	0.92_build565
x-diesel:unreal_commander	x-diesel unreal commander	eq	0.92_build573

References

osvdb.org/45832

securityreason.com/securityalert/3060

www.securityfocus.com/archive/1/477432/100/0/threaded

www.securityfocus.com/bid/25419

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.4%

JSON

Related for CVE-2007-4547

prion1 cvelist1 nvd1