Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Winimage | Winimage | 8.0 (including) | 8.0 (including) |
Winimage | Winimage | 8.10 (including) | 8.10 (including) |