Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2007-4962

EPSS 4.39% · P89

Public Exploits 1

ExploitDB · 1 EDB-30589 [remote]
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2007-4962

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
WinImage镜像文件处理目录遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WinImage是一个磁盘工具,允许用户创建一张软盘的映像、从映像中提取文件等。 WinImage在处理畸形格式的数据文件时存在漏洞,攻击者可能利用这些漏洞导致控制用户系统或造成拒绝服务。 WinImage在处理.IMG和.ISO镜像时没有检查文件名或目录名中是否包含有".."之类的字符串,因此如果用户受骗打开了包含有畸形名称的文件夹或文件的话就可能在用户所指定的磁盘分区创建文件或目录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2007-4962

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2007-4962

登录查看更多情报信息。

Same Patch Batch · n/a · 2007-09-18 · 51 CVEs total

CVE-2007-4943BaoFeng BaoFeng Storm 缓冲区溢出漏洞
CVE-2007-4927Axis Communications 207W网络摄像机We接口'axis-cgi/buffer/command.cgi'拒绝服务攻击漏洞
CVE-2007-4931HP系统管理主页不完整安装升级漏洞
CVE-2007-4932Shop-Script Shop-Script Shop-Script 输入验证漏洞
CVE-2007-4933Shop-Script Shop-Script Shop-Script 代码注入漏洞
CVE-2007-4934phpFFL PHPFFL_File_Root Parameter 多个远程文件包含漏洞
CVE-2007-4935PhpFFL代码注入漏洞
CVE-2007-4930Axis Communications 207W网络摄像机We接口跨站求情伪造漏洞
CVE-2007-4945LetterGrade 多个跨站脚本攻击漏洞
CVE-2007-4944Opera 9.22敏感信息泄露漏洞
CVE-2007-4946LetterGrade 敏感信息泄露漏洞
CVE-2007-4942Focus_SIS Focus_SIS Focus_SIS 代码注入漏洞
CVE-2007-4941KDE KDE KMPlayer 资源管理错误漏洞
CVE-2007-4940Media Player Classic Malformed AVI Header 多个远程漏洞
CVE-2007-4939Media Player Classic Malformed AVI Header 多个远程漏洞
CVE-2007-4938MPlayer AVIHeader.C Heap Based 缓冲区溢出漏洞
CVE-2007-4937CS-Guestbook Login Credentials 信息泄露漏洞
CVE-2007-4936SafeSquid Prior to 4.2.0 未明安全漏洞
CVE-2007-4137Trolltech Qt 缓冲区错误漏洞
CVE-2007-1865Redhat Redhat Enterprise_linux 数字错误漏洞

Showing top 20 of 51 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2007-4962

No comments yet

Leave a comment