CVE-2004-0069 - Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to

CVE-2004-0069

Summary

Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.

References

http://marc.info/?l=bugtraq&m=107367110805273&w=2
http://marc.info/?l=bugtraq&m=107401398014761&w=2
http://www.securityfocus.com/bid/9385
http://www.securitytracker.com/id?1008658

Vulnerable Configurations

cpe:2.3:a:hd_soft:windows_ftp_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hd_soft:windows_ftp_server:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 18-10-2016 - 02:40)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	9385
bugtraq	20040108 Windows FTP Server Format String Vulnerability 20040113 exploit for HD Soft Windows FTP Server 1.6
sectrack	1008658

Last major update

18-10-2016 - 02:40

Published

17-02-2004 - 05:00

Last modified

18-10-2016 - 02:40