CVE-2007-0148

Published: Jan 9, 2007Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

Affected (1)

Products: Omnigroup: Omniweb

Omnigroup

1 product

Omniweb

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Omnigroup Omniweb	Version 5.5.1

References (22)

http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/

Source: cve@mitre.org

http://osvdb.org/31222

Source: cve@mitre.org

http://projects.info-pull.com/moab/MOAB-07-01-2007.html

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/23624

Source: cve@mitre.org

PatchVendor Advisory

http://www.digitalmunition.com/DMA%5B2007-0107a%5D.txt

Source: cve@mitre.org

http://www.omnigroup.com/applications/omniweb/releasenotes/

Source: cve@mitre.org

Patch

http://www.securityfocus.com/archive/1/456578/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/21911

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/0075

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/31324

Source: cve@mitre.org

https://www.exploit-db.com/exploits/3098

Source: cve@mitre.org

http://blog.omnigroup.com/2007/01/07/omniweb-552-now-available-and-more-secure/