Mtp-Target Client Remote Format String Vulnerability
BID:13460
Info
Mtp-Target Client Remote Format String Vulnerability
| Bugtraq ID: | 13460 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-1401 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Luigi Auriemma <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Techland XPand Rally 1.1 Techland XPand Rally 1.0 Mtp-Target Mtp-Target 1.2.2 |
| Not Vulnerable: | |
Discussion
Mtp-Target Client Remote Format String Vulnerability
A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable client application.
A remote format string vulnerability affects Mtp-Target Client. This issue is due to a failure of the application to securely call a formatted printing function.
An attacker may leverage this issue to execute arbitrary code with the privileges of an unsuspecting user that activated the vulnerable client application.
Exploit / POC
Mtp-Target Client Remote Format String Vulnerability
The following exploit has been made available:
The following exploit has been made available:
Solution / Fix
Mtp-Target Client Remote Format String Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Mtp-Target Client Remote Format String Vulnerability
References:
References:
- Mtp-Target (Luigi Auriemma)
- MTP-Target Homepage (MTP-Target)
- Xpand Rally format string (Luigi Auriemma
) - Xpand Rally Homepage (Techland)