Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in the message handling. This vulnerability is addressed in the following product update:
http://sourceforge.net/project/shownotes.php?release_id=490561
Publication date: Sun, 04 Mar 2007 02:19:00 +0000