CVE-2008-0945

Published: Feb 25, 2008Modified: Apr 23, 2026

3.5

Vector

AV:N/AC:M/Au:S/C:N/I:N/A:P

Exploitability: 6.8 / Impact: 2.9

Source: NVD

Description

Format string vulnerability in the logging function in the IM Server (aka IMserve or IMserver) in Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in an IP address field.

Affected (2)

Products: Ipswitch: Imserver, Instant Messaging

2 products

Instant Messaging

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ipswitch Imserver	Up to 2.0.8.1
Ipswitch Instant Messaging	Up to 2.0.8.1

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (12)

http://aluigi.altervista.org/adv/ipsimene-adv.txt

Source: cve@mitre.org

http://aluigi.org/poc/ipsimene.zip

Source: cve@mitre.org

http://secunia.com/advisories/28824

Source: cve@mitre.org

Vendor Advisory

http://securityreason.com/securityalert/3697

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/487748/100/200/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/27677

Source: cve@mitre.org

http://aluigi.altervista.org/adv/ipsimene-adv.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://aluigi.org/poc/ipsimene.zip

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28824

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securityreason.com/securityalert/3697

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/487748/100/200/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27677

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.