BugTraq
Back to list
|
Post reply
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
Aug 07 2006 08:59AM
king_purba yahoo co uk
By : LoneEagle
E-mail : king_purba (at) yahoo.co (dot) uk [email concealed]
http://kandangjamur.net
Affected :
IMENDIO PLANNER 0.13
PROJECT MANAGEMENT FEDORA 4.
Impact : System Acces
From : Remote
Severity : Moderately Critical
Description:
------------
Imendio planner was failed when opening file name format string.
Remote attacker can exploit this vulnerabilty by creating a malicious
filename that contain format string specifier. Successfull attacking can be used
for executing arbitrary code.
Solution :
----------
Don't open file from untursted source.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
E-mail : king_purba (at) yahoo.co (dot) uk [email concealed]
http://kandangjamur.net
Affected :
IMENDIO PLANNER 0.13
PROJECT MANAGEMENT FEDORA 4.
Impact : System Acces
From : Remote
Severity : Moderately Critical
Description:
------------
Imendio planner was failed when opening file name format string.
Remote attacker can exploit this vulnerabilty by creating a malicious
filename that contain format string specifier. Successfull attacking can be used
for executing arbitrary code.
Solution :
----------
Don't open file from untursted source.
[ reply ]