cbcvebase.
CVE-2007-4962
published 2007-09-18

CVE-2007-4962: Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot)…

PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.99%
92.4th percentile
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder.

Affected

2 ranges
VendorProductVersion rangeFixed in
winimagewinimage
winimagewinimage
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.