Vendor: Easy Address Book Web Server
By: SecurityFocus
CVSS: 7.5 (HIGH)
Vulnerability Type: Format String Vulnerability
CWE: 134
Product Name: Easy Address Book Web Server
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: //a:easy_address_book_web_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Easy Address Book Web Server Format String Vulnerability

Easy Address Book Web Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied data before including it in the format-specifier argument to a formatted-printing function. This issue allows remote attackers to execute arbitrary machine code in the context of the affected server process, facilitating the complete compromise of affected computers. Failed exploit attempts will likely crash the service.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source:

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19842/info

Easy Address Book Web Server version 1.2 is vulnerable to this issue; other versions may also be affected.

http://www.example.com/?%25n
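
The query string above percent-decodes to `%n`, which becomes a live conversion directive only if the decoded text is used as the format argument itself. The following is an added example, not code from the advisory or from the vendor: it decodes the query, flags printf-style directives for alerting, and formats the log line with a constant format string. The function names and the `GET /?%s` log layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Percent-decode src into dst (NUL-terminated, truncated to dstlen-1 bytes). */
static size_t url_decode(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    while (*src && n + 1 < dstlen) {
        if (src[0] == '%' && isxdigit((unsigned char)src[1]) &&
            isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n++] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else {
            dst[n++] = *src++;
        }
    }
    dst[n] = '\0';
    return n;
}

/* Conservative check: 1 if s holds '%' + optional flags/width + a conversion. */
static int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%') continue;
        const char *p = s + 1;
        while (*p && strchr("0123456789.-+ #*$hlLqjzt", *p)) p++;
        if (*p && strchr("diouxXeEfFgGaAcspn", *p)) return 1;
    }
    return 0;
}

/* Hardened: data is an argument. Vulnerable form: snprintf(out, outlen, decoded) */
static int format_log_line(char *out, size_t outlen, const char *raw_query)
{
    char decoded[256];
    url_decode(raw_query, decoded, sizeof decoded);
    return snprintf(out, outlen, "GET /?%s", decoded);
}

int main(void)
{
    char line[300];
    format_log_line(line, sizeof line, "%25n");   /* query string from the page */
    printf("%s -> directive present: %d\n", line, has_format_directive(line));
    return 0;
}
```

The directive check is useful as a detection signal in request logs; the constant format string in `format_log_line` is what removes the flaw, since the decoded input is then copied as data whatever it contains.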