AOH :: HP Unsorted I :: B06-4070.HTM

IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY



IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY
IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY



By : LoneEagle =0D
E-mail : king_purba@yahoo.co.uk=0D 
http://kandangjamur.net=0D 
Affected :=0D
IMENDIO PLANNER 0.13=0D
PROJECT MANAGEMENT FEDORA 4.=0D
Impact : System Acces=0D
>From : Remote=0D
Severity : Moderately Critical=0D
=0D
Description:=0D
------------=0D
Imendio planner was failed when opening file name format string.=0D
Remote attacker can exploit this vulnerabilty by creating a malicious =0D
filename that contain format string specifier. Successfull attacking can be used =0D
for executing arbitrary code.=0D
=0D
Solution :=0D
----------=0D
Don't open file from untursted source.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.