PT-2012-1949 · Vc.Software · The Ming Blacklist Free
Daoyuan Wu
+2
·
Published
2012-01-25
·
Updated
2012-01-25
·
CVE-2011-4705
CVSS v2.0
5.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
The Ming Blacklist Free (vc.software.blacklist) application versions 1.8.1 and 1.9.2.1
Description
The issue allows remote attackers to read or modify blacklists and a contact list via a crafted application that launches a "data-flow attack." This occurs because the application does not properly protect data.
Recommendations
For version 1.8.1, update to a version that properly protects data to prevent remote attackers from reading or modifying blacklists and contact lists.
For version 1.9.2.1, update to a version that properly protects data to prevent remote attackers from reading or modifying blacklists and contact lists.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Ming Blacklist Free