CVE-2007-4463 - Vulnerability Details - OpenCVE

The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Fransois Gannier	Fileinfo Plugin
Ghisler	Total Commander

Configuration 1 [-]

OR	cpe:2.3:a:fransois_gannier:fileinfo_plugin:2.09:::::::*
	cpe:2.3:a:ghisler:total_commander::::::::

No data.

References

Link	Providers
http://blog.hispasec.com/lab/230
http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt
http://osvdb.org/46835
http://securityreason.com/securityalert/3044
http://www.securityfocus.com/archive/1/477170/100/0/threaded
http://www.securityfocus.com/bid/25373
https://exchange.xforce.ibmcloud.com/vulnerabilities/36126

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-21T21:00:00

Updated: 2024-08-07T14:53:56.053Z

Reserved: 2007-08-21T00:00:00

Link: CVE-2007-4463

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-08-21T21:17:00.000

Modified: 2024-11-21T00:35:39.750

Link: CVE-2007-4463

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-20T00:00:00", "descriptions": [{"lang": "en", "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "fileinfo-multiple-pe-dos(36126)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"}, {"tags": ["x_refsource_MISC"], "url": "http://blog.hispasec.com/lab/230"}, {"name": "25373", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25373"}, {"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"}, {"name": "3044", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3044"}, {"name": "46835", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/46835"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4463", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "fileinfo-multiple-pe-dos(36126)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"}, {"name": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt", "refsource": "MISC", "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"}, {"name": "http://blog.hispasec.com/lab/230", "refsource": "MISC", "url": "http://blog.hispasec.com/lab/230"}, {"name": "25373", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25373"}, {"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"}, {"name": "3044", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3044"}, {"name": "46835", "refsource": "OSVDB", "url": "http://osvdb.org/46835"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T14:53:56.053Z"}, "title": "CVE Program Container", "references": [{"name": "fileinfo-multiple-pe-dos(36126)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://blog.hispasec.com/lab/230"}, {"name": "25373", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25373"}, {"name": "20070820 [HISPASEC] Fileinfo 2.0.9 plugin for Total Commander multiple vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"}, {"name": "3044", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3044"}, {"name": "46835", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/46835"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4463", "datePublished": "2007-08-21T21:00:00", "dateReserved": "2007-08-21T00:00:00", "dateUpdated": "2024-08-07T14:53:56.053Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:fransois_gannier:fileinfo_plugin:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "A644825D-15B4-41BD-9DAD-0A3D823D6BC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ghisler:total_commander:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBD0E31A-6EF9-4F76-8EDB-1548048764BA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file."}, {"lang": "es", "value": "La extensi\u00f3n Fileinfo 2.0.9 para Total Commander permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (excepci\u00f3n no capturada) mediante un puntero inv\u00e1lido a la funci\u00f3n de direcci\u00f3n RVA en (1) una estructura IMAGE_THUNK_DATA, involucrando los campos (a) OriginalFirstThunk y (b) FirstThunk de IMAGE_IMPORT_DESCRIPTOR, o (2) el campo AddressOfNames de IMAGE_EXPORT_DIRECTORY en un archivo PE."}], "id": "CVE-2007-4463", "lastModified": "2024-11-21T00:35:39.750", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2007-08-21T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://blog.hispasec.com/lab/230"}, {"source": "cve@mitre.org", "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/46835"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3044"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25373"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.hispasec.com/lab/230"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/46835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3044"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/477170/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/25373"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36126"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}