PT-2004-3280 · Sredird+1 · Sredird+1
Publicado
2004-12-31
·
Atualizado
2017-07-11
·
CVE-2004-2386
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
sercd versions prior to 2.3.1
sredird versions prior to 2.2.1
Description:
The issue is related to a format string vulnerability in the LogMsg function. This vulnerability allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
Recommendations:
For sercd versions prior to 2.3.1, update to version 2.3.1 or later.
For sredird versions prior to 2.2.1, update to version 2.2.1 or later.
Correção
Use of Externally-Controlled Format String
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sercd
Sredird