Vulnerability Details CVE-2004-0007
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.244
EPSS Ranking 95.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
- http://marc.info/?l=bugtraq&m=107513690306318&w=2
- http://marc.info/?l=bugtraq&m=107522432613022&w=2
- http://security.e-matters.de/advisories/012004.html
- http://security.gentoo.org/glsa/glsa-200401-04.xml
- http://ultramagnetic.sourceforge.net/advisories/001.html
- http://www.debian.org/security/2004/dsa-434
- http://www.kb.cert.org/vuls/id/197142
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
- http://www.osvdb.org/3733
- http://www.redhat.com/support/errata/RHSA-2004-032.html
- http://www.redhat.com/support/errata/RHSA-2004-033.html
- http://www.securityfocus.com/advisories/6281
- http://www.securityfocus.com/bid/9489
- http://www.securitytracker.com/id?1008850
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14946
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906
- http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
- http://marc.info/?l=bugtraq&m=107513690306318&w=2
- http://marc.info/?l=bugtraq&m=107522432613022&w=2
- http://security.e-matters.de/advisories/012004.html
- http://security.gentoo.org/glsa/glsa-200401-04.xml
- http://ultramagnetic.sourceforge.net/advisories/001.html
- http://www.debian.org/security/2004/dsa-434
- http://www.kb.cert.org/vuls/id/197142
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
- http://www.osvdb.org/3733
- http://www.redhat.com/support/errata/RHSA-2004-032.html
- http://www.redhat.com/support/errata/RHSA-2004-033.html
- http://www.securityfocus.com/advisories/6281
- http://www.securityfocus.com/bid/9489
- http://www.securitytracker.com/id?1008850
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14946
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906
Products affected by CVE-2004-0007
-
cpe:2.3:a:rob_flynn:gaim:*
-
cpe:2.3:a:ultramagnetic:ultramagnetic:*