CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
AI Score
Confidence
High
EPSS
Percentile
91.3%
Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.
Vendor | Product | Version | CPE |
---|---|---|---|
gadu-gadu | gadu-gadu_instant_messenger | 7.7 | cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:7.7:build_3669:*:*:*:*:*:* |
securityreason.com/securityalert/3455
vexillium.org/advisory_eng.txt
www.securityfocus.com/archive/1/484077/100/200/threaded
www.securityfocus.com/archive/1/484086/100/200/threaded
www.securityfocus.com/archive/1/484105/100/200/threaded
www.securityfocus.com/archive/1/484119/100/200/threaded
www.securityfocus.com/archive/1/484122/100/200/threaded
www.securityfocus.com/archive/1/484126/100/200/threaded
www.securityfocus.com/archive/1/484607/100/0/threaded