Vulnerabilities > CVE-2007-4035 - Unspecified vulnerability in Guidance Software Encase
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer
- http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
- http://www.securityfocus.com/bid/25100
- http://www.securityfocus.com/archive/1/475335/100/0/threaded
- http://www.securityfocus.com/archive/1/474809/100/0/threaded
- http://www.securityfocus.com/archive/1/474750/100/0/threaded
- http://www.securityfocus.com/archive/1/474727/100/0/threaded