PT-2007-6348 · Unknown · Dawn Of Time
Published
2007-10-08
·
Updated
2018-10-15
·
CVE-2007-5265
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
Dawn of Time versions 1.69s beta4 and earlier
Description:
The issue allows remote attackers to execute arbitrary code via format string specifiers in the
username or password fields when accessing certain restricted zones. The processWebHeader and filterWebRequest functions do not properly handle these fields.Recommendations:
For Dawn of Time versions 1.69s beta4 and earlier, as a temporary workaround, consider restricting access to the restricted zones until a patch is available. Avoid using format string specifiers in the
username and password fields. Restrict the use of the processWebHeader and filterWebRequest functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dawn Of Time