Lucene search

[email protected]NVD:CVE-2007-4464

HistoryAug 21, 2007 - 9:17 p.m.

CVE-2007-4464

2007-08-2121:17:00

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

78.4%

JSON

CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to spoof the information in the Image File Header tab via strings with CRLF sequences in the IMAGE_EXPORT_DIRECTORY array in a PE file, which could complicate forensics investigations.

Affected configurations

Nvd

Node

fransois_gannierfileinfo_pluginMatch2.09

ghislertotal_commander

VendorProductVersionCPE
fransois_gannierfileinfo_plugin2.09cpe:2.3:a:fransois_gannier:fileinfo_plugin:2.09:*:*:*:*:*:*:*
ghislertotal_commander*cpe:2.3:a:ghisler:total_commander:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fransois_gannier	fileinfo_plugin	2.09	cpe:2.3:a:fransois_gannier:fileinfo_plugin:2.09:::::::*
ghisler	total_commander	*	cpe:2.3:a:ghisler:total_commander::::::::

References

blog.hispasec.com/lab/230

blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt

osvdb.org/46834

securityreason.com/securityalert/3044

www.securityfocus.com/archive/1/477170/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/36127

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.7

Confidence

Low

EPSS

0.006

Percentile

78.4%

JSON

Related for NVD:CVE-2007-4464

cvelist1 cve1 prion1