Easy Address Book Web Server 1.2 - Remote Format String

EDB-ID:

28489




Platform:

Windows

Date:

2006-09-04


source: https://www.securityfocus.com/bid/19842/info

Easy Address Book Web Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied data before including it in the format-specifier argument to a formatted-printing function.

This issue allows remote attackers to execute arbitrary machine code in the context of the affected server process, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the service.

Easy Address Book Web Server version 1.2 is vulnerable to this issue; other versions may also be affected.

http://www.example.com/?%25n