Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Prozilla_download_accelerator | Prozilla | 1.3.0 (including) | 1.3.0 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.1 (including) | 1.3.1 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.2 (including) | 1.3.2 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.3 (including) | 1.3.3 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.4 (including) | 1.3.4 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.5 (including) | 1.3.5 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.5.1 (including) | 1.3.5.1 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.5.2 (including) | 1.3.5.2 (including) |
| Prozilla_download_accelerator | Prozilla | 1.3.6 (including) | 1.3.6 (including) |
References
- http://deicide.siyahsapka.org/exploits/proz_ex2.c
- http://www.debian.org/security/2005/dsa-719
- http://www.securiteam.com/exploits/5WP082KEUW.html
- http://www.securityfocus.com/bid/12635
- http://deicide.siyahsapka.org/exploits/proz_ex2.c
- http://www.debian.org/security/2005/dsa-719
- http://www.securiteam.com/exploits/5WP082KEUW.html
- http://www.securityfocus.com/bid/12635