Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2007-5265
Last Modified: 07 Mar 2011 10:00:24
Published: 08 Oct 2007 05:17:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-5265

Summary

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

Vulnerable Systems

Application

  • Dawnoftime Dawn Of Time 1.69s Beta4


References

VUPEN - ADV-2007-3418

BID - 25944

BUGTRAQ - 20071005 Format string in The Dawn of Time 1.69s beta4

SECUNIA - 27083

MISC - http://forums.dawnoftime.org/viewtopic.php?t=2102

MISC - http://aluigi.altervista.org/adv/dawnfs-adv.txt

XF - dawntime-httpauthentication-format-string(36973)

SREASON - 3201


Last Updated: 27 May 2016 10:46:08