Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5133

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2007-5133
Last Modified 15 Nov 2008 01:59:49
Published 27 Sep 2007 03:17:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5133

Summary

Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG chunk size handling, as demonstrated by badlycrafted.png.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows Vista

  • Microsoft Windows Xp

  • Microsoft Windows-nt 2003

  • Microsoft Windows-nt Vista

  • Microsoft Windows-nt Xp

Application

  • 3ware 3dm Disk Management Software


References

BID - 25816

BUGTRAQ - 20070926 Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling

BUGTRAQ - 20070925 Possible Windows Explorer bad PNG file preview integer overflow handling

OSVDB - 45521

BUGTRAQ - 20070927 Re: Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling

BUGTRAQ - 20070927 Re: Possible Windows Explorer bad PNG file preview integer overflow handling

BUGTRAQ - 20070927 Re: Re: Re: Confirmed: Windows Explorer bad PNG file preview integer overflow handling


Last Updated: 27 May 2016 10:46:05