CVE-2007-2318 - Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute

CVE-2007-2318

Summary

Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.

References

http://osvdb.org/34436
http://osvdb.org/34437
http://secunia.com/advisories/24894
http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
http://www.securityfocus.com/bid/23506

Vulnerable Configurations

cpe:2.3:a:filezilla:filezilla:*:*:*:*:*:*:*:*
cpe:2.3:a:filezilla:filezilla:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 13-11-2008 - 06:38)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	23506
confirm	http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
osvdb	34436 34437
secunia	24894

Last major update

13-11-2008 - 06:38

Published

26-04-2007 - 21:19

Last modified

13-11-2008 - 06:38