PT-2008-2557 · Ipswitch · Ipswitch Instant Messaging

Published: 2008-02-25 · Updated: 2018-10-15 · CVE-2008-0945

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Ipswitch Instant Messaging versions 2.0.8.1 and earlier

Description

The issue is a format string vulnerability in the logging function of the IM Server. Remote authenticated users can exploit it to cause a denial of service (daemon crash) and possibly have other unspecified impacts. Exploitation occurs through format string specifiers supplied in an IP address field.

Recommendations

For Ipswitch Instant Messaging versions 2.0.8.1 and earlier, consider temporarily disabling the logging function as a workaround to reduce the risk of exploitation. Restrict access to the IM Server to necessary users only, to reduce exposure to remote authenticated attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
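
The general remediation for this bug class, shown as an added example that is not Ipswitch code and not part of the original advisory: the logger uses a constant format string and accepts the IP address field only if it parses as an IP literal. The names `is_ip_literal` and `format_login_line`, the log line layout and the sample inputs are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not taken from the affected product. */

/* Returns 1 if `field` is a valid IPv4 or IPv6 literal, 0 otherwise. */
int is_ip_literal(const char *field) {
    unsigned char addr[sizeof(struct in6_addr)];
    return inet_pton(AF_INET, field, addr) == 1 ||
           inet_pton(AF_INET6, field, addr) == 1;
}

/*
 * Vulnerable pattern (kept as a comment, for contrast only):
 *     snprintf(out, outlen, ip_field);
 * Here the client-supplied field is the format string, so any conversion
 * specifier inside it is interpreted by the formatting routine.
 *
 * Hardened form: the format string is a constant and untrusted fields are
 * passed only as arguments. A field that is not an IP literal is replaced
 * by a fixed marker so the log line stays well-formed.
 * Returns the snprintf() result (length of the formatted line).
 */
int format_login_line(char *out, size_t outlen,
                      const char *user, const char *ip_field) {
    const char *ip = is_ip_literal(ip_field) ? ip_field : "<invalid-ip>";
    return snprintf(out, outlen, "login user=%s ip=%s", user, ip);
}

int main(void) {
    /* Constructed sample inputs: one valid address, one carrying specifiers. */
    const char *samples[] = { "192.0.2.10", "%x%x%n" };
    char line[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        format_login_line(line, sizeof line, "alice", samples[i]);
        puts(line);
    }
    return 0;
}
```

Compiling logging code with `-Wformat -Wformat-security` makes GCC and Clang flag calls whose format argument is not a string literal, which helps locate the vulnerable pattern in a code base.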

Weakness Enumeration

Use of Externally-Controlled Format String

Related Identifiers

CVE-2008-0945

Affected Products

Ipswitch Instant Messaging