CVE-2007-4962

Name of the Vulnerable Software and Affected Versions WinImage versions 8.10 and earlier

Description A directory traversal issue allows user-assisted remote attackers to create or overwrite arbitrary files by including a .. (dot dot) in a filename within a .IMG or .ISO file. This can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations For versions 8.10 and earlier, consider restricting the handling of .IMG and .ISO files to prevent exploitation until a fix is available. As a temporary workaround, avoid using the .. (dot dot) notation in filenames within these file types.