CVE-2007-2652 Information

Description

Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow remote attackers to execute arbitrary code via unspecified vectors involving certain (1) sprintf and (2) vsprintf calls in (a) r_index.c (b) r_reports.c (c) r_topsites.c (d) r_topuser.c (e) r_typical.c (f) r_userdatetime.c and (g) r_users.c in reports/; and (h) w_fs.c (i) w_internal.c and (j) w_log_operations.c in work/ probably related to buffer overflows. NOTE: some of these details are obtained from third party information.

Reference

http://sourceforge.net/project/shownotes.php?release_id=500691&group_id=191513 http://www.securityfocus.com/bid/23924 http://www.vupen.com/english/advisories/2007/1757 https://exchange.xforce.ibmcloud.com/vulnerabilities/34218