CVE-2006-6664

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.

Published: Dec 21, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-6664
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
marathon_aleph_one / marathon_aleph_one	-	0.17.x
marathon_aleph_one / marathon_aleph_one	-	2006-12-02.x

http://marathon.sourceforge.net/release-notes/20061202.html
http://secunia.com/advisories/23380
http://sourceforge.net/project/shownotes.php?release_id=471964
http://sourceforge.net/project/shownotes.php?release_id=471971
http://www.vupen.com/english/advisories/2006/5064

Vulnerability Database

290,273

CVE-2006-6664