CVE-2006-4507 - OpenCVE

Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sony	Playstation Portable

Configuration 1 [-]

OR	cpe:2.3:h:sony:playstation_portable:2.00:::::::*
	cpe:2.3:h:sony:playstation_portable:2.10:::::::*
	cpe:2.3:h:sony:playstation_portable:2.20:::::::*
	cpe:2.3:h:sony:playstation_portable:2.30:::::::*
	cpe:2.3:h:sony:playstation_portable:2.40:::::::*
	cpe:2.3:h:sony:playstation_portable:2.50:::::::*
	cpe:2.3:h:sony:playstation_portable:2.60:::::::*
	cpe:2.3:h:sony:playstation_portable:2.70:::::::*
	cpe:2.3:h:sony:playstation_portable:2.80:::::::*

References

Link	Resource
http://noobz.eu/content/home.html#280806
http://secunia.com/advisories/21672	Vendor Advisory
http://www.vupen.com/english/advisories/2006/3419
https://exchange.xforce.ibmcloud.com/vulnerabilities/28689

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-08-31T23:00:00

Updated: 2017-07-19T15:57:01

Reserved: 2006-08-31T00:00:00

Link: CVE-2006-4507

JSON object: View

NVD Information

Status : Modified

Published: 2006-08-31T23:04:00.000

Modified: 2017-07-20T01:33:08.600

Link: CVE-2006-4507

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-08-28T00:00:00", "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "sonypsp-tiff-code-execution(28689)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28689"}, {"name": "ADV-2006-3419", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3419"}, {"name": "21672", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21672"}, {"tags": ["x_refsource_MISC"], "url": "http://noobz.eu/content/home.html#280806"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4507", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "sonypsp-tiff-code-execution(28689)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28689"}, {"name": "ADV-2006-3419", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3419"}, {"name": "21672", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21672"}, {"name": "http://noobz.eu/content/home.html#280806", "refsource": "MISC", "url": "http://noobz.eu/content/home.html#280806"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4507", "datePublished": "2006-08-31T23:00:00", "dateReserved": "2006-08-31T00:00:00", "dateUpdated": "2017-07-19T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:sony:playstation_portable:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "F9B7B3CA-BC2C-4EE5-85D4-DEF315AE4C1F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "3B71982B-0217-4E9C-A6BF-2414EC874FFB", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "16F0F385-EFD5-4CA7-B81A-9D9E35D47B8B", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "ABD8A169-63E6-48F4-AADD-87AC8EA4504D", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "0FC11E59-9FF4-49F9-AE27-37664C2D5EF0", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.50:*:*:*:*:*:*:*", "matchCriteriaId": "C8C06FD4-8C74-4CBD-8A68-924097A0803C", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.60:*:*:*:*:*:*:*", "matchCriteriaId": "464F161B-2525-4F2F-8987-F52C1490E16F", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.70:*:*:*:*:*:*:*", "matchCriteriaId": "87397BDF-FDB9-4627-A246-B364EEAF867B", "vulnerable": true}, {"criteria": "cpe:2.3:h:sony:playstation_portable:2.80:*:*:*:*:*:*:*", "matchCriteriaId": "91E4947F-B049-4F81-A0EF-CFC2AB907712", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465."}, {"lang": "es", "value": "Vulnerabilidad no especificada en el visor RIFF (posiblemente libTIFF) en el Visor de Fotograf\u00edas en la Sony Playstation Portable (PSP) 2.00 a 2.80 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n mediante im\u00e1genes TIFF creadas artesanalmente. NOTA: debido a la falta de detalles, no est\u00e1 claro si est\u00e1 relacionada con otras vulnerabilidades como CVE-2006-3464 o CVE-2006-3465."}], "id": "CVE-2006-4507", "lastModified": "2017-07-20T01:33:08.600", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-08-31T23:04:00.000", "references": [{"source": "cve@mitre.org", "url": "http://noobz.eu/content/home.html#280806"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21672"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3419"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28689"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}