Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 27/12/2006 Updated: 07/11/2023

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Format string vulnerability in the inputAnswer function in file.c in w3m prior to 0.5.2, when run with the dump or backend option, allows remote malicious users to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Vulnerable Product	Search on Vulmon	Subscribe to Product
w3m w3m 0.5.1

CWE-134 http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39518&atid=425439 http://www.securityfocus.com/bid/21735 http://securitytracker.com/id?1017440 http://secunia.com/advisories/23492 http://lists.grok.org.uk/pipermail/full-disclosure/2006-December/051457.html http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.044.html http://www.ubuntu.com/usn/usn-399-1 http://secunia.com/advisories/23588 http://www.novell.com/linux/security/advisories/2007_05_w3m.html http://secunia.com/advisories/23717 http://security.gentoo.org/glsa/glsa-200701-06.xml http://secunia.com/advisories/23773 http://fedoranews.org/cms/node/2415 http://fedoranews.org/cms/node/2416 http://secunia.com/advisories/23792 http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?r1=1.249&r2=1.250 http://w3m.cvs.sourceforge.net/w3m/w3m/file.c?view=log http://www.securityfocus.com/bid/24332 http://www.vupen.com/english/advisories/2006/5164 https://exchange.xforce.ibmcloud.com/vulnerabilities/34821 https://exchange.xforce.ibmcloud.com/vulnerabilities/31114 http://w3m.cvs.sourceforge.net/%2Acheckout%2A/w3m/w3m/NEWS?revision=1.79 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-6772

Vulnerability Summary

References

Vulmon Search

About

Products

Connect