CVE-2007-5265

critical

Description

Multiple format string vulnerabilities in websrv.cpp in Dawn of Time 1.69s beta4 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the (1) username or (2) password fields when accessing certain "restricted zones", which are not properly handled by the (a) processWebHeader and (b) filterWebRequest functions.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36973

http://www.vupen.com/english/advisories/2007/3418

http://www.securityfocus.com/archive/1/481619/100/0/threaded

http://securityreason.com/securityalert/3201

http://secunia.com/advisories/27083

http://forums.dawnoftime.org/viewtopic.php?t=2102

Details

Source: Mitre, NVD

Published: 2007-10-08

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0533