tftpd32 Format string

Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-Other

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Critical security advisory #006 Tftpd32 2.81 Format String + DoS PoC Critical Security - 22:03 2006.01.19 Critical Security research: Product site: Credits : Critical Security Team ( Original Advisory: Due to incorrect use of format strings there is a possibility of remote code execution. You can trigger this vulnerability by sending SEND or GET request with a specially formated string. Vulnerable code: LEA ECX,DWORD PTR SS:[ESP+430] LEA EAX,DWORD PTR SS:[ESP+1C] PUSH ECX ; /Arglist PUSH EDX ; |Format PUSH EAX ; |s = 00E6F4E8 CALL DWORD PTR DS:[<&USER32.wvsprintfA>] ; wvsprintfA Proof of concept exploit:

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top