CVE-2007-1006
Ekiga format string flaw
Severity Score
10.0
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
Múltiples vulnerabilidades de cadena de formato en la función gm_main_window_flash_message en Ekiga versiones anteriores a 2.0.5, permiten a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un paquete SETUP Q.931 especialmente diseñado.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-02-19 CVE Reserved
- 2007-02-20 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-134: Use of Externally-Controlled Format String
CAPEC
References (25)
URL | Tag | Source |
---|---|---|
http://labs.musecurity.com/advisories/MU-200702-01.txt | X_refsource_misc | |
http://mail.gnome.org/archives/ekiga-list/2007-February/msg00060.html | Mailing List | |
http://www.ekiga.org/index.php?rub=10&archive=1 | X_refsource_confirm | |
http://www.osvdb.org/31939 | Vdb Entry | |
http://www.securityfocus.com/bid/22613 | Vdb Entry | |
http://www.securitytracker.com/id?1017673 | Vdb Entry | |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11642 | Signature |
URL | Date | SRC |
---|
URL | Date | SRC |
---|