• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ProZilla Initial Server Response Remote Client-Side Format String Vulnerability

A remote client-side format string vulnerability is reported to exist in ProZilla. This issue is due to a failure of the application to properly implement a formatted string function. The format string vulnerability manifests when the affected application is handling initial server responses that contain format string specifiers.

An attacker may leverage this issue to execute arbitrary code on an affected computer with the privileges of an unsuspecting user that activated the vulnerable application.

Prozilla versions up to an including version 1.3.7.3 are reported prone to this vulnerability.