CVE-2005-0158

Published: 02/05/2005 Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Format string vulnerability in bidwatcher prior to 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.

Vulnerable Product

bidwatcher bidwatcher 1.0.5

bidwatcher bidwatcher 1.1.7

bidwatcher bidwatcher 1.3.1

bidwatcher bidwatcher 1.3.11

bidwatcher bidwatcher 1.3.16

bidwatcher bidwatcher 1.3.3

bidwatcher bidwatcher 1.1.2

bidwatcher bidwatcher 1.1.8

bidwatcher bidwatcher 1.3.0_beta

bidwatcher bidwatcher 1.3.10

bidwatcher bidwatcher 1.3.2

bidwatcher bidwatcher 1.3.4

bidwatcher bidwatcher 1.3.12

bidwatcher bidwatcher 1.3.13

bidwatcher bidwatcher 1.3.14

bidwatcher bidwatcher 1.3.15

bidwatcher bidwatcher 1.1.9

bidwatcher bidwatcher 1.1.9.1

bidwatcher bidwatcher 1.1.9.2

bidwatcher bidwatcher 1.2.0

bidwatcher bidwatcher 1.3.5

bidwatcher bidwatcher 1.3.6

bidwatcher bidwatcher 1.3.7

bidwatcher bidwatcher 1.3.8

bidwatcher bidwatcher 1.3.9

Vendor Advisories

Ulf Härnhammar from the Debian Security Audit Project discovered a format string vulnerability in bidwatcher, a tool for watching and bidding on eBay auctions. This problem can be triggered remotely by a web server of eBay, or someone pretending to be eBay, sending certain data back. As of version 1.3.17 the program uses cURL and is not vulnerable ...