Techland XPand Rally Remote Format String Vulnerability
BID:12772
Info
Techland XPand Rally Remote Format String Vulnerability
| Bugtraq ID: | 12772 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 10 2005 12:00AM |
| Updated: | Mar 10 2005 12:00AM |
| Credit: | Luigi Auriemma <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Techland XPand Rally 1.1 Techland XPand Rally 1.0 |
| Not Vulnerable: | |
Discussion
Techland XPand Rally Remote Format String Vulnerability
A remote format string vulnerability affects XPand Rally. This issue is due to a failure of the application to securely call a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable server or client application.
A remote format string vulnerability affects XPand Rally. This issue is due to a failure of the application to securely call a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable server or client application.
Exploit / POC
Techland XPand Rally Remote Format String Vulnerability
The following exploit has been made available:
The following exploit has been made available:
Solution / Fix
Techland XPand Rally Remote Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Techland XPand Rally Remote Format String Vulnerability
References:
References:
- Xpand Rally format string (Luigi Auriemma
- Xpand Rally Homepage (Techland)