Vulnerability Details CVE-2004-0834
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 15.7%
CVSS Severity
CVSS v2 Score 7.2
References
- http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
- http://speedtouch.sourceforge.net/index.php?/news.en.html
- http://www.mail-archive.com/speedtouch%40ml.free.fr/msg06688.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17792
- http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734
- http://speedtouch.sourceforge.net/index.php?/news.en.html
- http://www.mail-archive.com/speedtouch%40ml.free.fr/msg06688.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17792
Products affected by CVE-2004-0834
-
cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.0
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.1
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta1
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta2
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.2_beta3
-
cpe:2.3:a:speedtouch:speedtouch_usb_driver:1.3
-
cpe:2.3:o:gentoo:linux:1.4
-
cpe:2.3:o:mandrakesoft:mandrake_linux:10.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux:10.1
-
cpe:2.3:o:mandrakesoft:mandrake_linux:8.2
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.0
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.1
-
cpe:2.3:o:mandrakesoft:mandrake_linux:9.2
-
cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1