WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
BID:25687
Info
WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
| Bugtraq ID: | 25687 |
| Class: | Unknown |
| CVE: |
CVE-2007-4964 CVE-2007-4962 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 17 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | j00ru//vx is credited with the discovery of these issues. |
| Vulnerable: |
WinImage WinImage 8.10 WinImage WinImage 8.0 |
| Not Vulnerable: | |
Discussion
WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.
Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.
WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.
WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.
Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.
WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected.
Exploit / POC
WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
To exploit these issues, an attacker must entice an unsuspecting user to open or extract a maliciously crafted disk-image file.
The following example file path names are available:
readme.txt/../../../../../../../../sth.bat
readme.txt<40 spaces here>/../../../../../../../../asdf.exe
The following proof-of-concept images are available:
To exploit these issues, an attacker must entice an unsuspecting user to open or extract a maliciously crafted disk-image file.
The following example file path names are available:
readme.txt/../../../../../../../../sth.bat
readme.txt<40 spaces here>/../../../../../../../../asdf.exe
The following proof-of-concept images are available:
Solution / Fix
WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
WinImage Image Files Denial of Service and Directory Traversal Vulnerabilities
References:
References:
- Vendor Homepage (WinImage)
- WinImage 8.10 vulnerabilities (j00ru//vx)