CVE-2009-1262 Information

Description

Format string vulnerability in Fortinet FortiClient 3.0.614 and possibly earlier allows local users to execute arbitrary code via format string specifiers in the VPN connection name.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2009-April/068583.html http://osvdb.org/53266 http://secunia.com/advisories/34524 http://www.layereddefense.com/FortiClient02Apr.html http://www.securityfocus.com/archive/1/502354/100/0/threaded http://www.securityfocus.com/archive/1/502602/100/0/threaded http://www.securityfocus.com/bid/34343 http://www.securitytracker.com/id?1021966 http://www.vupen.com/english/advisories/2009/0941 https://exchange.xforce.ibmcloud.com/vulnerabilities/49633