CVE-2008-0945 Information

Description

Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.

Reference

http://aluigi.altervista.org/adv/ipsimene-adv.txt http://aluigi.org/poc/ipsimene.zip http://secunia.com/advisories/28824 http://securityreason.com/securityalert/3697 http://www.securityfocus.com/archive/1/487748/100/200/threaded http://www.securityfocus.com/bid/27677