CVE-2005-3887

Name of the Vulnerable Software and Affected Versions Gadu-Gadu version 7.20

Description The issue arises from the improper handling of MS-DOS device names in filenames. This can be exploited by remote attackers in two ways: (1) to cause a denial of service by sending an image filename of AUX: twice, which results in a hang, (2) to write to the LPT1 port via a filename of LPT1:.

Recommendations For Gadu-Gadu version 7.20, consider restricting the use of filenames that contain MS-DOS device names to prevent potential exploitation. Avoid using filenames such as AUX: or LPT1: to minimize the risk of a denial of service or unauthorized access to the LPT1 port. At the moment, there is no information about a newer version that contains a fix for this vulnerability.