Vulnerabilities > CVE-2007-4463 - PE File Denial of Service vulnerability in Total Commander FileInfo Plugin
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Exploit-Db
| description | Total Commander FileInfo 2.09 Plugin Multiple PE File Denial of Service Vulnerabilities. CVE-2007-4463. Dos exploit for windows platform |
| id | EDB-ID:30512 |
| last seen | 2016-02-03 |
| modified | 2007-07-20 |
| published | 2007-07-20 |
| reporter | Gynvael Coldwind |
| source | https://www.exploit-db.com/download/30512/ |
| title | Total Commander FileInfo 2.09 Plugin - Multiple PE File Denial of Service Vulnerabilities |
References
- http://blog.hispasec.com/lab/230
- http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabilities.txt
- http://osvdb.org/46835
- http://securityreason.com/securityalert/3044
- http://www.securityfocus.com/archive/1/477170/100/0/threaded
- http://www.securityfocus.com/bid/25373
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36126