Vulnerabilities > CVE-2002-2067 - Incomplete Cleanup vulnerability in East-Tec Eraser 2002

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

east-tec

CWE-459

NVD

Published: 2002-12-31

Updated: 2024-02-08

Summary

East-Tec Eraser 2002 does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.

Vulnerable Configurations

Part	Description	Count
Application	East-Tec East TEC Eraser 2002	1

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

Statements

contributor	Alexandra Preda
lastmodified	2006-12-20
organization	EAST Technologies
statement	This issue has been addressed in the latest version of our product, East-Tec Eraser 2007 and you may download it from http://www.east-tec.com

References

http://www.securityfocus.com/archive/1/251565
http://www.east-tec.com/eraser/faq.htm
http://www.seifried.org/security/advisories/kssa-003.html
http://www.ciac.org/ciac/bulletins/m-034.shtml
http://www.securityfocus.com/bid/3912
http://www.iss.net/security_center/static/7953.php