Vavoom Multiple Remote Vulnerabilities

vendor:

Vavoom

by:

Unknown

N/A

CVSS

N/A

Buffer Overflow, Format String, Denial of Service

Unknown

CWE

Product Name: Vavoom

Affected Version From: Vavoom 1.24

Affected Version To: Unknown

Patch Exists: Unknown

Related CWE: Unknown

CPE: Unknown

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Vavoom Multiple Remote Vulnerabilities

An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.For the buffer-overflow vulnerability, the attacker opens the 'vavoombasevdoom2config.cfg' file, and adds the following lines:'alias bof "say aaa...(992_'a's)...aaa" name ''aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'' '

Mitigation:

Unknown

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25436/info
  
Vavoom is prone to multiple remote vulnerabilities, including a buffer-overflow issue, a format-string issue, and a denial-of-service issue.
  
An attacker can exploit these issues to execute arbitrary code within the context of the affected application or crash the application, denying service to legitimate users.
  
Vavoom 1.24 is vulnerable; prior versions may also be affected. 

For the buffer-overflow vulnerability, the attacker opens the 'vavoom\basev\doom2\config.cfg' file, and adds the following lines:'alias bof "say aaa...(992_'a's)...aaa" name ''aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'' '