CVE-2004-1214

Name of the Vulnerable Software and Affected Versions: Kreed versions 1.05 and earlier

Description: The issue allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text. This can be achieved by including format specifiers in these fields.

Recommendations: For versions 1.05 and earlier, consider disabling the ability to include format specifiers in user-inputted fields such as nickname and message text until a patch is available. Restrict access to these features to minimize the risk of exploitation.