ID CVE-2007-2352
Summary Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed. The vendor has addressed this issue with the following product update: http://www.afflib.org/downloads/
References
Vulnerable Configurations
  • cpe:2.3:a:afflib:afflib:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 16-10-2018 - 16:43)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bugtraq 20070427 AFFLIB(TM): Multiple Format String Injections
misc http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt
sreason 2657
Last major update 16-10-2018 - 16:43
Published 30-04-2007 - 22:19
Last modified 16-10-2018 - 16:43