CVE-2007-1002

Related Files

Debian Linux Security Advisory 1325-1

Posted Jun 30, 2007

Authored by Debian | Site debian.org

Debian Security Advisory 1325-1 - Ulf Harnhammer discovered that a format string vulnerability in the handling of shared calendars may allow the execution of arbitrary code. It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitizing of a value later used an array index, which can lead to the execution of arbitrary code.

tags | advisory, arbitrary, imap

systems | linux, debian

advisories | CVE-2007-1002, CVE-2007-3257

SHA-256 | 68f3b62dbf023e6af4b70073b35b3629fbe220a2bf210b9990f274e68a88c888

Download | Favorite | View

Gentoo Linux Security Advisory 200706-2

Posted Jun 7, 2007

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200706-02 - Ulf Harnhammar from Secunia Research has discovered a format string error in the write_html() function in the file calendar/gui/e-cal-component-memo-preview.c. Versions less than 2.8.3-r2 are affected.

tags | advisory

systems | linux, gentoo

advisories | CVE-2007-1002

SHA-256 | 71360f7d5a83f20506cb31ba8e95914f7f36eb539553e2c72ca0778680ff566f

Download | Favorite | View

Mandriva Linux Security Advisory 2007.070

Posted Mar 28, 2007

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.

tags | advisory, arbitrary

systems | linux, mandriva

advisories | CVE-2007-1002

SHA-256 | 303330030e6f55cb5e27b3158c57236a5547755445f23a98d029aeca2072f934

Download | Favorite | View

Ubuntu Security Notice 442-1

Posted Mar 27, 2007

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 442-1 - Ulf Harnhammar of Secunia Research discovered that Evolution did not correctly handle format strings when displaying shared memos. If a remote attacker tricked a user into viewing a specially crafted shared memo, they could execute arbitrary code with user privileges.

tags | advisory, remote, arbitrary

systems | linux, ubuntu

advisories | CVE-2007-1002

SHA-256 | ccb975c915aa2dbf1654fbfe92d6906c805529dcbf3633ffb4e490a2cee46a49

Download | Favorite | View

secunia-evolution.txt

Posted Mar 22, 2007

Authored by Ulf Harnhammar | Site secunia.com

Secunia Research has discovered a vulnerability in Evolution, which can be exploited by malicious people to potentially compromise a vulnerable system. A format string error in the "write_html()" function in calendar/gui/ e-cal-component-memo-preview.c when displaying a memo's categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers. Evolution version 2.8.2.1 is affected. Other versions may also be affected.

tags | advisory, arbitrary

advisories | CVE-2007-1002

SHA-256 | 041da7106d89467969e704e26924c8b857c84a03ce6cb4e5b2b92a09948ef4a5

Download | Favorite | View