>> Iso_wincmd Plugin for Total Commander Image Handling Buffer Overflow Vulnerability
Title : Iso_wincmd Plugin for Total Commander Image Handling Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2007-0008 CVE ID : CVE-2006-6837
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2007-01-02
Technical Description
A vulnerability has been identified in Iso_wincmd (Plugin for Total Commander), which could be exploited by attackers to take complete control of an affected system. This issue is due to buffer overflow errors in the "LoadTree()", "ReadHeader()", and "LoadXBOXTree()" functions when processing specially crafted ISO images, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into opening a malicious ISO file.
