ID

VAR-200608-0158


CVE

CVE-2006-4507


TITLE

PSP of Photo Viewer of libTIFF Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2006-003097

DESCRIPTION

Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlayStation Portable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.

TITLE: Sony PSP TIFF Image Viewing Code Execution Vulnerability

SECUNIA ADVISORY ID: SA21672

VERIFY ADVISORY: http://secunia.com/advisories/21672/

CRITICAL: Moderately critical

IMPACT: System access

WHERE: From remote

OPERATING SYSTEM: Sony PlayStation Portable (PSP) 2.x http://secunia.com/product/5764/

DESCRIPTION: A vulnerability has been discovered in Sony PlayStation Portable, which can be exploited by malicious people to compromise a user's system. The vulnerability has been confirmed in version 2.60 and has also been reported in versions 2.00 through 2.80.

SOLUTION: Do not view untrusted images.

PROVIDED AND/OR DISCOVERED BY: Discovered by NOPx86. Additional research by psp250, Skylark, Joek2100, CSwindle, JimP, and Fanjita.

ORIGINAL ADVISORY: http://noobz.eu/content/home.html#280806

Trust: 1.8

sources: NVD: CVE-2006-4507 // JVNDB: JVNDB-2006-003097 // VULHUB: VHN-20615 // PACKETSTORM: 49596

AFFECTED PRODUCTS

vendor: sony, model: playstation portable, scope: eq, version: 2.70

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.60

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.50

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.10

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.30

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.40

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.00

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.20

Trust: 1.6

vendor: sony, model: playstation portable, scope: eq, version: 2.80

Trust: 1.6

vendor: sony computer entertainment, model: playstation portable, scope: eq, version: 2.00 to 2.80

Trust: 0.8

sources: JVNDB: JVNDB-2006-003097 // CNNVD: CNNVD-200608-498 // NVD: CVE-2006-4507

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4507
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-4507
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200608-498
value: MEDIUM

Trust: 0.6

VULHUB: VHN-20615
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-4507
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20615
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20615 // JVNDB: JVNDB-2006-003097 // CNNVD: CNNVD-200608-498 // NVD: CVE-2006-4507

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4507

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200608-498

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200608-498

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-003097

PATCH

title: Top Page, url: http://us.playstation.com/psp/

Trust: 0.8

sources: JVNDB: JVNDB-2006-003097

EXTERNAL IDS

db: NVD, id: CVE-2006-4507

Trust: 2.5

db: SECUNIA, id: 21672

Trust: 1.8

db: VUPEN, id: ADV-2006-3419

Trust: 1.7

db: JVNDB, id: JVNDB-2006-003097

Trust: 0.8

db: CNNVD, id: CNNVD-200608-498

Trust: 0.7

db: XF, id: 28689

Trust: 0.6

db: BID, id: 83664

Trust: 0.1

db: VULHUB, id: VHN-20615

Trust: 0.1

db: PACKETSTORM, id: 49596

Trust: 0.1

sources: VULHUB: VHN-20615 // JVNDB: JVNDB-2006-003097 // PACKETSTORM: 49596 // CNNVD: CNNVD-200608-498 // NVD: CVE-2006-4507

REFERENCES

url:http://noobz.eu/content/home.html#280806

Trust: 1.8

url:http://secunia.com/advisories/21672

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/3419

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/28689

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4507

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4507

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/28689

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/3419

Trust: 0.6

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/quality_assurance_analyst/

Trust: 0.1

url:http://secunia.com/advisories/21672/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/web_application_security_specialist/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/5764/

Trust: 0.1

sources: VULHUB: VHN-20615 // JVNDB: JVNDB-2006-003097 // PACKETSTORM: 49596 // CNNVD: CNNVD-200608-498 // NVD: CVE-2006-4507

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 49596

SOURCES

db: VULHUB, id: VHN-20615
db: JVNDB, id: JVNDB-2006-003097
db: PACKETSTORM, id: 49596
db: CNNVD, id: CNNVD-200608-498
db: NVD, id: CVE-2006-4507

LAST UPDATE DATE

2024-08-14T14:00:14.334000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-20615, date: 2017-07-20T00:00:00
db: JVNDB, id: JVNDB-2006-003097, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200608-498, date: 2006-09-07T00:00:00
db: NVD, id: CVE-2006-4507, date: 2017-07-20T01:33:08.600

SOURCES RELEASE DATE

db: VULHUB, id: VHN-20615, date: 2006-08-31T00:00:00
db: JVNDB, id: JVNDB-2006-003097, date: 2012-12-20T00:00:00
db: PACKETSTORM, id: 49596, date: 2006-09-01T08:31:54
db: CNNVD, id: CNNVD-200608-498, date: 2006-08-31T00:00:00
db: NVD, id: CVE-2006-4507, date: 2006-08-31T23:04:00