CVE-2008-0764

Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Network_print_server	Larson_software_technology	*	9.4.2 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/135.html
https://cwe.mitre.org/data/definitions/67.html

References

http://aluigi.altervista.org/adv/lstnpsx-adv.txt
http://secunia.com/advisories/28890
http://www.securityfocus.com/archive/1/487956/100/0/threaded
http://www.securityfocus.com/bid/27732
http://www.vupen.com/english/advisories/2008/0500
https://exchange.xforce.ibmcloud.com/vulnerabilities/40420
http://aluigi.altervista.org/adv/lstnpsx-adv.txt
http://secunia.com/advisories/28890
http://www.securityfocus.com/archive/1/487956/100/0/threaded
http://www.securityfocus.com/bid/27732
http://www.vupen.com/english/advisories/2008/0500
https://exchange.xforce.ibmcloud.com/vulnerabilities/40420

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-0764
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References