CWE-134

Use of Externally-Controlled Format String

Base · Draft · Likelihood: High

Description

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-135 · CAPEC-67

CVEs mapped to this weakness (252)

page 12 of 13
  • CVE-2007-4708 · Dec 19, 2007
    risk 0.00cvss epss 0.05

    Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.

  • CVE-2007-6183 · Nov 30, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message…

  • CVE-2007-3880 · Nov 14, 2007
    risk 0.00cvss epss 0.00

    Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

  • CVE-2007-5396 · Nov 10, 2007
    risk 0.00cvss epss 0.02

    Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).

  • CVE-2007-5825 · Nov 5, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in the ws_addarg function in webserver.c in mt-daapd in Firefly Media Server 0.2.4 and earlier allows remote attackers to execute arbitrary code via a stats method action to /xml-rpc with format string specifiers in the (1) username or (2) password…

  • CVE-2007-5545 · Oct 18, 2007
    risk 0.00cvss epss 0.03

    Format string vulnerability in TIBCO SmartPGM FX allows remote attackers to execute arbitrary code via format string specifiers in unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a…

  • CVE-2007-3675 · Oct 12, 2007
    risk 0.00cvss epss 0.05

    Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ActiveX control (kavwebscan.dll) in Kaspersky Online Scanner before 5.0.98 allow remote attackers to execute arbitrary code via format string specifiers in "various string formatting functions," which trigger…

  • CVE-2007-3917 · Oct 11, 2007
    risk 0.00cvss epss 0.02

    The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught…

  • CVE-2007-5262 · Oct 8, 2007
    risk 0.00cvss epss 0.04

    Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username, (2) password, and (3) nickname fields in a "0x01" packet.

  • CVE-2007-5247 · Oct 6, 2007
    risk 0.00cvss epss 0.05

    Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format…

  • CVE-2007-4832 · Sep 12, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname.

  • CVE-2007-4550 · Aug 28, 2007
    risk 0.00cvss epss 0.04

    Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.

  • CVE-2007-4273 · Aug 18, 2007
    risk 0.00cvss epss 0.00

    IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment…

  • CVE-2007-2655 · May 14, 2007
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.

  • CVE-2007-1006 · Feb 20, 2007
    risk 0.00cvss epss 0.04

    Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

  • CVE-2006-6772 · Dec 27, 2006
    risk 0.00cvss epss 0.05

    Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an…

  • CVE-2006-3628 · Jul 21, 2006
    risk 0.00cvss epss 0.06

    Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors.

  • CVE-2006-3573 · Jul 13, 2006
    risk 0.00cvss epss 0.06

    Format string vulnerability in the WriteText function in agl_text.cpp in Milan Mimica Sparklet 0.9.4 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a player nickname.

  • CVE-2006-1471 · Jun 27, 2006
    risk 0.00cvss epss 0.00

    Format string vulnerability in the CF_syslog function in launchd in Apple Mac OS X 10.4 up to 10.4.6 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a syslog call in the logging facility, as demonstrated by using a crafted…

  • CVE-2006-2453 · May 28, 2006
    risk 0.00cvss epss 0.02

    Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480.