CVE-2008-0755

Format string vulnerability in the ReportSysLogEvent function in the LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; cyanPrintIP Easy OPI, Professional, and Basic 4.10.1030 and earlier; Workstation 4.10.836 and earlier; and Standard 4.10.940 and earlier; might allow remote attackers to execute arbitrary code via format string specifiers in the queue name in a request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
cyan_softcyanprintip_basic
𝑥
≤ 4.10.1030
cyan_softcyanprintip_easy_opi
𝑥
≤ 4.10.1030
cyan_softcyanprintip_professional
𝑥
≤ 4.10.1030
cyan_softcyanprintip_standard
𝑥
≤ 4.10.940
cyan_softcyanprintip_workstation
𝑥
≤ 4.10.836
cyan_softopium4_opi_server
𝑥
≤ 4.10.1028
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://aluigi.altervista.org/adv/cyanuro-adv.txt
http://secunia.com/advisories/28870
http://www.securityfocus.com/archive/1/487955/100/0/threaded
http://www.securityfocus.com/bid/27728
http://www.securityfocus.com/bid/27734
http://www.vupen.com/english/advisories/2008/0498
http://aluigi.altervista.org/adv/cyanuro-adv.txt
http://secunia.com/advisories/28870
http://www.securityfocus.com/archive/1/487955/100/0/threaded
http://www.securityfocus.com/bid/27728
http://www.securityfocus.com/bid/27734
http://www.vupen.com/english/advisories/2008/0498