CVE-2007-4550

Description

Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.

Affected products

• altools / alpass2.7 – 2.7
• altools / alpass3.02 – 3.02

References

• MISChttp://vuln.sg/alpass27-en.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/26616
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/36256
• MISChttp://www.securityfocus.com/bid/25435