header-logo
Suggest Exploit
vendor:
Vavoom
by:
7.5
CVSS
HIGH
Buffer Overflow, Format String, Denial of Service
CWE
Product Name: Vavoom
Affected Version From:
Affected Version To: 1.23
Patch Exists: YES
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

Multiple vulnerabilities in Vavoom

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Mitigation:

Update to version 1.24 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25436/info

Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.

Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the format-string vulnerability, an attacker sends a chat message containing '%n%n%n%n%s' string.

Navigation

Suggest Exploit

Services By CQR