iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability

2007.01.03

Credit: Tan Chew Keong

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2006-6837

CWE: CWE-Other

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

[vuln.sg] Vulnerability Research Advisory
iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability
by Tan Chew Keong
Release Date: 2006-12-30
Summary
-------
A vulnerability has been found in iso_wincmd Total Commander Plugin. When exploited, the vulnerability allows execution of arbitrary code when the user opens a malicious ISO file.
Tested Versions
---------------
iso_wincmd version 1.7.3.3 (1.7.3 Beta 3) and version 1.6.10.
Details
-------
http://vuln.sg/isowincmd173-en.html
http://vuln.sg/isowincmd173-jp.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

iso_wincmd Plugin for Total Commander Buffer Overflow Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.