Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6537

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-6537
Last Modified 07 Mar 2011 10:03:08
Published 27 Dec 2007 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-6537

Summary

Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.

Vulnerable Systems

Application

  • Winuae 1.4.4


References

BID - 26979

MISC - http://www.winuae.net/frames/mainframe.html

VUPEN - ADV-2007-4306

BUGTRAQ - 20071221 Buffer-overflow in WinUAE 1.4.4

OSVDB - 39902

MISC - http://aluigi.org/poc/winuaebof.zip

MISC - http://aluigi.altervista.org/adv/winuaebof-adv.txt

SREASON - 3487

SECUNIA - 28208


Last Updated: 27 May 2016 10:46:32