CVE-2005-2550 Information

Description

Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists which are not properly handled when the user selects the Calendars tab.

Reference

http://marc.info/?l=full-disclosure&m=112368237712032&w=2 http://secunia.com/advisories/16394 http://secunia.com/advisories/19380 http://www.debian.org/security/2006/dsa-1016 http://www.mandriva.com/security/advisories?name=MDKSA-2005:141 http://www.novell.com/linux/security/advisories/2005_54_evolution.html http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html http://www.redhat.com/support/errata/RHSA-2005-267.html http://www.securityfocus.com/archive/1/407789 http://www.securityfocus.com/bid/14532 http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10880 https://usn.ubuntu.com/166-1/