CVE-2006-2409

Raydium - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.

Exploits (1)

exploitdb SUSPICIOUS

doswindows

https://www.exploit-db.com/exploits/1784

View Code ZIP pw:eip

References (8)

[Vendor Advisory] http://aluigi.altervista.org/adv/raydiumx-adv.txt

[Patch, Vendor Advisory] http://secunia.com/advisories/20097

[Vendor Advisory] http://www.vupen.com/english/advisories/2006/1808

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/26514

[Various Sources] http://raydium.org/svn.php

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/433930/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/17986

[Third Party Advisory] http://securityreason.com/securityalert/900

Scores

EPSS 0.0024

EPSS Percentile 47.5%

Details

CWE

CWE-134

Status published

Products (27)

raydium/raydium svn_revision_283

raydium/raydium svn_revision_284

raydium/raydium svn_revision_285

raydium/raydium svn_revision_286

raydium/raydium svn_revision_287

raydium/raydium svn_revision_288

raydium/raydium svn_revision_289

raydium/raydium svn_revision_290

raydium/raydium svn_revision_291

raydium/raydium svn_revision_292

... and 17 more

Published May 16, 2006

Tracked Since Feb 18, 2026