<<< Date Index >>>     <<< Thread Index >>>

IMENDIO PLANNER REMOTE FILENAME FORMAT STRING VULNERABILITY

By : LoneEagle 
E-mail : king_purba@xxxxxxxxxxx
http://kandangjamur.net
Affected :
IMENDIO PLANNER 0.13
PROJECT MANAGEMENT FEDORA 4.
Impact : System Acces
>From : Remote
Severity : Moderately Critical

Description:
------------
Imendio planner was failed when opening file name format string.
Remote attacker can exploit this vulnerabilty by creating a malicious 
filename that contain format string specifier. Successfull attacking can be 
used 
for executing arbitrary code.

Solution :
----------
Don't open file from untursted source.