Vulnerabilities > Use of Externally-Controlled Format String

DATE CVE VULNERABILITY TITLE RISK
2007-10-06 CVE-2007-5248 Use of Externally-Controlled Format String vulnerability in multiple products
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON.
network
id-software take2games CWE-134
critical
9.3
2007-10-06 CVE-2007-5247 Use of Externally-Controlled Format String vulnerability in Monolith Productions First Encounter Assault Recon
Multiple format string vulnerabilities in the Monolith Lithtech engine, as used by First Encounter Assault Recon (F.E.A.R.) 1.08 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server on UDP port 27888 or (2) a PB_U packet to UCON on UDP port 27888, different vectors than CVE-2004-1500.
network
monolith-productions CWE-134
critical
9.3
2007-10-03 CVE-2007-5184 Use of Externally-Controlled Format String vulnerability in SmbFTPD 0.96
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
network
low complexity
smbftpd CWE-134
7.5
2007-09-12 CVE-2007-4832 Use of Externally-Controlled Format String vulnerability in Immersion Games CellFactor Revolution
Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname.
network
low complexity
immersion-games CWE-134
7.5
2007-09-08 CVE-2007-4754 Use of Externally-Controlled Format String vulnerability in COR Entertainment Alien Arena 2007
Format string vulnerability in the safe_bprintf function in acesrc/acebot_cmds.c in Alien Arena 2007 6.10 and earlier allows remote attackers to cause a denial of service (daemon crash) via format string specifiers in a nickname.
network
low complexity
cor-entertainment CWE-134
7.5
2007-08-28 CVE-2007-4550 Use of Externally-Controlled Format String vulnerability in Altools ALPass 2.7/3.02
Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.
network
high complexity
altools CWE-134
5.1
2007-08-18 CVE-2007-4273 Use of Externally-Controlled Format String vulnerability in IBM DB2 Universal Database
IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary directories and execute arbitrary code via a "crafted localized message file" that enables a format string attack, possibly involving the (1) OSSEMEMDBG or (2) TRC_LOG_FILE environment variable in db2licd (db2licm).
local
low complexity
ibm CWE-134
4.6
2007-05-24 CVE-2007-0753 Use of Externally-Controlled Format String vulnerability in Apple Mac OS X and Mac OS X Server
Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X 10.3.9 and 10.4.9 allows local users to execute arbitrary code via the -i parameter.
local
low complexity
apple CWE-134
7.2
2007-05-14 CVE-2007-2655 Use of Externally-Controlled Format String vulnerability in NetWin SurgeMail and Webmail
Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before 3.8i2 has unknown impact and remote attack vectors, possibly a format string vulnerability that allows remote code execution.
network
low complexity
netwin CWE-134
7.5
2007-04-13 CVE-2007-2027 Use of Externally-Controlled Format String vulnerability in Elinks 0.11.1
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be leveraged to conduct format string attacks.
local
elinks CWE-134
4.4