• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Easy Address Book Web Server Remote Format String Vulnerability

Easy Address Book Web Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied data before including it in the format-specifier argument to a formatted-printing function.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected server process, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the service.

Easy Address Book Web Server version 1.2 is vulnerable to this issue; other versions may also be affected.