[VIM] Vendor ACK and version corrections for gxine (CAN-2005-1692)
Steven M. Christey
coley at mitre.org
Thu May 26 13:06:33 EDT 2005
CVE was just informed by Darren Salt, a gxine developer, that the
affected versions in the gxine format string issue (CAN-2005-1692) are
0.4.1 through 0.4.4, and *not* "0.41 through 0.44" as originally
disclosed by the researcher.
In addition, the changelog makes it clear that there is vendor
An item for 0.4.5 says "SECURITY FIX (pst.advisory 2005-21)
Remotely-exploitable missing-format-string vulnerability in some
message dialogue boxes."
Reference: BUGTRAQ:20050521 pst.advisory 2005-21: gxine remote exploitable . opensource is god .lol windows
Format string vulnerability in gxine 0.4.1 through 0.4.4 allows remote
attackers to execute arbitrary code via a ram file with a URL whose
hostname contains format string specifiers.