Hotfoon Corporation: Security Vulnerabilities
Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.
CVSS Score
5.0
EPSS Score
0.009
Published
2004-12-31
hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleartext in the hotfoon2 registry key, which allows local users to gain access to user accounts and steal phone service.
CVSS Score
3.6
EPSS Score
0.001
Published
2002-12-31
Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL containing a long voice phone number.
CVSS Score
7.5
EPSS Score
0.054
Published
2002-12-31