Format String Vulnerability in Evolution Shared Memo by Novell
CVE-2007-1002

Currently unrated

Key Information:

Vendor: Evolution
Status: Shared Memo
Vendor: CVE Published:; 21 March 2007

What is CVE-2007-1002?

A format string vulnerability exists in the write_html function of Evolution Shared Memo, specifically in the calendar/gui/e-cal-component-memo-preview.c file. This issue arises due to improper handling of format specifiers, which can be exploited by remote attackers with user assistance. By crafting specially designed shared memos, an attacker can potentially execute arbitrary code on the affected system, leading to severe security risks.

References

http://secunia.com/advisories/24651

third-party-advisoryx_refsource_SECUNIA

https://rhn.redhat.com/errata/RHSA-2007-0158.html

vendor-advisoryx_refsource_REDHAT

http://www.securitytracker.com/id?1017808

vdb-entryx_refsource_SECTRACK

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 21, 2007
Vulnerability Reserved
Feb 16, 2007

CVE-2007-1002 Data

JSON