35 matches found
CVE-2007-4963
The CVE concerns WinImage 8.10 and earlier, which has a visual truncation vulnerability in filenames inside .IMG or .ISO files. A long sequence of space characters in a destination filename can be used to spoof the target name, and this can be combined with a separate directory traversal vulnerab...
CVE-2007-4962
The CVE-2007-4962 entry affects WinImage up to version 8.10. A directory traversal flaw lets an attacker place or overwrite files by crafting a filename containing .. within a .IMG or .ISO image, potentially enabling code execution by writing to a Startup folder. The NVD entry and related records...
CVE-2007-4964
WinImage 8.10 and earlier allows remote attackers to cause a denial of service infinite loop via an invalid BPBBytsPerSec field in the header of a .IMG file...
CVE-2007-4963
Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a caref...
CVE-2007-4962
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. dot dot in a filename within a 1 .IMG or 2 .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder...
winimage-traverse.txt
Team Vexillium Security Advisory http://vexillium.org/ Name : WinImage 8.10 Multiple Vulnerabilities Class : Denial of Service and Directory Traversal Threat level : LOW DoS, MED Dir. traversal vuln Discovered : 2007-08-31 Published : 2007-09-15 Credit : j00ru//vx Vulnerable : WinImage 8.10,...
WinImage映象文件拒绝服务和目录遍历漏洞
WinImage是一款可将文件或是文件夹制成镜像文件的程序。 WinImage不正确处理映象数据,远程攻击者可以利用漏洞对应用程序进行拒绝服务和目录遍历攻击。 问题一是FAT映象处理函数中存在问题,特殊构建一个特定的头字段修改过的.img文件,可导致进入无限循环而造成拒绝服务攻击。 问题二是.img和.iso映象文件处理不正确检查包含".."字符的文件名和目录名,可导致在文件展开时绕过目录限制,覆盖或建立任意文件。 WinImage WinImage 8.10 WinImage WinImage 8.0 目前没有解决方案提供:...
WinImage 8.08.10 - .IMG File BPB_BytsPerSec Field Denial of Service
WinImage 8.08.10 - .IMG File BPBBytsPerSec Field Denial of Service source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attacker...
WinImage 8.08.10 - File Handling Traversal Arbitrary File Overwrite
WinImage 8.08.10 - File Handling Traversal Arbitrary File Overwrite source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attacke...
WinImage 8.0/8.10 - '.IMG' File BPB_BytsPerSec Field Denial of Service
source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write...
WinImage 8.0/8.10 - File Handling Traversal Arbitrary File Overwrite
source: https://www.securityfocus.com/bid/25687/info WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write...
Heap overflow
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...
CVE-2007-2758
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...
CVE-2007-2758
WinImage 8.0.8000 contains multiple buffer overflows that can be triggered by a FAT image with long directory names in deeply nested structures. The vulnerabilities can lead to user‑assisted remote code execution via (1) a stack‑based overflow during extraction or (2) a heap‑based overflow during...
CVE-2007-2758
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers 1 a stack-based buffer overflow during extraction, or 2 a heap-based buffer...