Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities

Bugtraq ID:	25373
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4463
Remote:	Yes
Local:	No
Published:	Aug 20 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Gynvael Coldwind discovered these issues.
Vulnerable:	François Gannier FileInfo 2.09
Not Vulnerable:

Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities

The FileInfo plugin for Total Commander is prone to multiple PE file denial-of-service vulnerabilities because the plugin fails to properly handle malformed input.

Successfully exploiting these issues allows remote attackers to crash the affected application.

FileInfo 2.09 is vulnerable; other versions may also be affected.

Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities

The following executable file is sufficient to demonstrate these issues. Symantec has not tested or validated this file.

• /data/vulnerabilities/exploits/Fileinfo_DoS.exe

Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Total Commander FileInfo Plugin Multiple PE File Denial of Service Vulnerabilities

References:

• [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities ("Gynvael Coldwind" )