CVE-2007-6411

Multiple buffer overflows in the HandleEmotsConfig function in the GG Client in Gadu-Gadu 7.7 Build 3669 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (gg.exe process crash) via a long string in an emots.txt file.

Published: Dec 17, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-6411
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:N/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
gadu-gadu / gadu-gadu_instant_messenger	7.7-build_3669	7.7-build_3669.x

http://securityreason.com/securityalert/3455
http://vexillium.org/advisory_eng.txt
http://www.securityfocus.com/archive/1/484077/100/200/threaded
http://www.securityfocus.com/archive/1/484086/100/200/threaded
http://www.securityfocus.com/archive/1/484105/100/200/threaded
http://www.securityfocus.com/archive/1/484119/100/200/threaded
http://www.securityfocus.com/archive/1/484122/100/200/threaded
http://www.securityfocus.com/archive/1/484126/100/200/threaded
http://www.securityfocus.com/archive/1/484607/100/0/threaded

Vulnerability Database

290,278

CVE-2007-6411