FreeBSD : vinagre -- format string vulnerability (214e8e07-d369-11dd-b800-001b77d09812)
Medium Nessus Plugin ID 35284
The remote FreeBSD host is missing a security-related update.
CORE Security Technologies reports : A format string error has been found on the vinagre_utils_show_error() function that can be exploited via commands issued from a malicious server containing format string specifiers on the VNC name. In a web-based attack scenario, the user would be required to connect to a malicious server. Successful exploitation would then allow the attacker to execute arbitrary code with the privileges of the Vinagre user.