Vulnerabilities > CVE-2007-4035 - Unspecified vulnerability in Guidance Software Encase
Summary
Guidance Software EnCase does not properly handle (1) certain malformed MBR partition tables with many entries, which allows remote attackers to prevent logical collection of a disk image; (2) NTFS filesystems with directory loops, which allows remote attackers to prevent examination of certain directory contents; and (3) certain other malformed NTFS filesystems, which allows remote attackers to prevent examination of corrupted records. NOTE: the vendor disputes the significance of these issues, because physical collection can be used instead, because the vendor believes that relevant attackers typically do not corrupt an MBR or a filesystem, and because detection of a loop is valuable on its own
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- http://www.blackhat.com/html/bh-usa-07/bh-usa-07-speakers.html#Palmer
- http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf
- http://www.securityfocus.com/bid/25100
- http://www.securityfocus.com/archive/1/475335/100/0/threaded
- http://www.securityfocus.com/archive/1/474809/100/0/threaded
- http://www.securityfocus.com/archive/1/474750/100/0/threaded
- http://www.securityfocus.com/archive/1/474727/100/0/threaded