Bugtraq mailing list archives
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
From: king_purba () yahoo co uk
Date: 7 Aug 2006 08:59:05 -0000
By : LoneEagle E-mail : king_purba () yahoo co uk http://kandangjamur.net Affected : IMENDIO PLANNER 0.13 PROJECT MANAGEMENT FEDORA 4. Impact : System Acces
From : Remote
Severity : Moderately Critical Description: ------------ Imendio planner was failed when opening file name format string. Remote attacker can exploit this vulnerabilty by creating a malicious filename that contain format string specifier. Successfull attacking can be used for executing arbitrary code. Solution : ---------- Don't open file from untursted source.
Current thread:
- IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY king_purba (Aug 07)