Vulnerability Description
The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK_DATA structure, involving the (a) OriginalFirstThunk and (b) FirstThunk IMAGE_IMPORT_DESCRIPTOR fields, or (2) the AddressOfNames IMAGE_EXPORT_DIRECTORY field in a PE file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fransois Gannier | Fileinfo Plugin | 2.09 |
| Ghisler | Total Commander | All versions |
References
- http://blog.hispasec.com/lab/230
- http://blog.hispasec.com/lab/advisories/adv_Fileinfo-2_09_multiple_vulnerabiliti
- http://osvdb.org/46835
- http://securityreason.com/securityalert/3044
- http://www.securityfocus.com/archive/1/477170/100/0/threaded
- http://www.securityfocus.com/bid/25373 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36126
FAQ
What is CVE-2007-4463?
CVE-2007-4463 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted remote attackers to cause a denial of service (unhandled exception) via an invalid RVA address function pointer in (1) an IMAGE_THUNK...
How severe is CVE-2007-4463?
CVE-2007-4463 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-4463?
Check the references section above for vendor advisories and patch information. Affected products include: Fransois Gannier Fileinfo Plugin, Ghisler Total Commander.