header-logo
Suggest Exploit
vendor:
WinImage
by:
Unknown
5.5
CVSS
MEDIUM
Denial-of-Service, Directory Traversal
22, 23
CWE
Product Name: WinImage
Affected Version From: 8
Affected Version To: 8.1
Patch Exists: YES
Related CWE: CVE-2007-4064, CVE-2007-4065
CPE: a:winimage:winimage:8.0, cpe:/a:winimage:winimage:8.10
Other Scripts:
Platforms Tested: Windows
2007

WinImage Denial-of-Service and Directory Traversal Vulnerabilities

WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input. Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

Mitigation:

It is recommended to update to the latest version of WinImage to mitigate these vulnerabilities.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25687/info

WinImage is prone to a denial-of-service vulnerability and a directory-traversal vulnerability because the application fails to adequately sanitize user-supplied input.

Attackers can exploit these issues to cause a denial of service or to write malicious files to arbitrary directories.

WinImage 8.0 and 8.10 are vulnerable; other versions may also be affected. 

readme.txt/../../../../../../../../sth.bat
readme.txt<40 spaces here>/../../../../../../../../asdf.exe