Lucene search

FlexeraCVE-2007-5396

HistoryNov 10, 2007 - 12:46 a.m.

CVE-2007-5396

2007-11-1000:46:00

CWE-134

flexera

web.nvd.nist.gov

nvd

cve-2007-5396

miranda im

format string vulnerability

remote code execution

yahoo! handle

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.059

Percentile

93.6%

JSON

Format string vulnerability in the ext_yahoo_contact_added function in yahoo.c in Miranda IM 0.7.1 allows remote attackers to execute arbitrary code via a Y7 Buddy Authorization packet with format string specifiers in the contact Yahoo! handle (who).

Affected configurations

Nvd

Node

miranda-immiranda_imMatch0.7.1

VendorProductVersionCPE
miranda-immiranda_im0.7.1cpe:2.3:a:miranda-im:miranda_im:0.7.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
miranda-im	miranda_im	0.7.1	cpe:2.3:a:miranda-im:miranda_im:0.7.1:::::::*

References

miranda.svn.sourceforge.net/viewvc/miranda/trunk/miranda/protocols/Yahoo/yahoo.c?r1=6601&r2=6699&diff_format=l

secunia.com/advisories/27402

secunia.com/secunia_research/2007-89/advisory/

www.securityfocus.com/bid/26389

www.vupen.com/english/advisories/2007/3823

exchange.xforce.ibmcloud.com/vulnerabilities/38362

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

High

EPSS

0.059

Percentile

93.6%

JSON

Related for CVE-2007-5396