PT-2015-5950 · Ghisler · Total Commander

Marcin Noga · Published 2015-07-21 · Updated 2017-09-21 · CVE-2015-2869

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions

Ghisler Total Commander versions prior to 2.22 with the FileInfo plugin

Description

The issue allows remote attackers to cause a denial of service: an out-of-bounds read that crashes the application. It can be triggered in several ways, including:
  • a large Size value in the Archive Member Header of a COFF Archive Library file,
  • a large Number Of Symbols value in the 1st Linker Member of a COFF Archive Library file,
  • a large Resource Table Count value in the LE Header of a Linear Executable file,
  • a large value in a certain Object field in a Resource Table Entry in a Linear Executable file.

Recommendations

For Ghisler Total Commander with the FileInfo plugin version prior to 2.22, update the FileInfo plugin to version 2.22 or later to resolve the issue.
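
An added example (not code from the FileInfo plugin or from this advisory) of the bounds checks a COFF archive parser needs for the first two fields in the list above: Size and Number Of Symbols are validated against the real file length before anything is read through them. Function names, constants and the sample file are constructed for illustration; the field layout is that of the PE/COFF archive format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define AR_MAGIC "!<arch>\n" /* 8-byte archive signature */
#define AR_HDR   60          /* Name16 Date12 UID6 GID6 Mode8 Size10 End2 */
#define AR_SIZE  48          /* offset of the ASCII decimal Size field */

/* Symbol count of the 1st Linker Member, or -1 when a length field
 * (Size, Number Of Symbols) points outside buf[0..len). */
long long first_linker_symbols(const uint8_t *buf, size_t len) {
    char txt[11] = {0}, *end;
    if (len < 8 + AR_HDR || memcmp(buf, AR_MAGIC, 8) != 0) return -1;
    const uint8_t *hdr = buf + 8, *body = hdr + AR_HDR;
    if (hdr[58] != '`' || hdr[59] != '\n') return -1;
    memcpy(txt, hdr + AR_SIZE, 10);
    if (txt[0] < '0' || txt[0] > '9') return -1;
    unsigned long long size = strtoull(txt, &end, 10);
    while (*end == ' ') end++;                 /* field is space padded */
    if (*end != '\0') return -1;
    /* Size must cover the 4-byte count and stay inside the file. */
    if (size < 4 || size > len - 8 - AR_HDR) return -1;
    uint32_t n = (uint32_t)body[0] << 24 | (uint32_t)body[1] << 16 |
                 (uint32_t)body[2] << 8 | body[3];   /* big-endian count */
    /* The n 4-byte offsets that follow must fit inside the member. */
    if (n > (size - 4) / 4) return -1;
    return n;
}

/* Constructed sample: signature, one header named "/", 20-byte body. */
long long check_constructed(const char *size_txt, uint32_t nsyms) {
    static uint8_t f[8 + AR_HDR + 20];
    memset(f, ' ', 8 + AR_HDR);
    memcpy(f, AR_MAGIC, 8);
    f[8] = '/';
    memcpy(f + 8 + AR_SIZE, size_txt, strlen(size_txt));
    memcpy(f + 8 + 58, "`\n", 2);
    uint8_t *b = f + 8 + AR_HDR;
    memset(b, 0, 20);
    b[0] = nsyms >> 24; b[1] = nsyms >> 16; b[2] = nsyms >> 8; b[3] = nsyms;
    return first_linker_symbols(f, sizeof f);
}

int main(void) {
    printf("well-formed:     %lld\n", check_constructed("20", 2));
    printf("oversized Size:  %lld\n", check_constructed("4294967295", 2));
    printf("oversized count: %lld\n", check_constructed("20", 0x7fffffffu));
    return 0;
}
```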

Fix

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2015-2869

Affected products

Total Commander