Computer Security



elinks format string vulnerability
Published: 16.04.2007
Source: CVE
SecurityVulns ID: 7585
Type: local
Level: 5/10
Description: A relative path is used to locate the text strings (.po) file. This makes it possible to spoof the file and conduct a format string attack.
Affected: ELINKS: elinks 0.11
CVE: CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.)
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod