CVE-2005-3887 : Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a d

Gadu-Gadu 7.20 does not properly handle MS-DOS device names in filenames, which allows remote attackers to (1) cause a denial of service (hang) via an image filename of AUX: sent twice (hang), or (2) write to the LPT1 port via a filename of "LPT1:".

Published 2005-11-29 21:03:00

Updated 2017-07-20 01:29:05

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2005-3887

Probability of exploitation activity in the next 30 days: 2.00%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2005-3887

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.4	MEDIUM	AV:N/AC:H/Au:N/C:N/I:N/A:C	4.9	6.9	NIST
Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

References for CVE-2005-3887

Products affected by CVE-2005-3887

Gadu-gadu » Gadu-gadu Instant Messenger » Version: 7.20
cpe:2.3:a:gadu-gadu:gadu-gadu_instant_messenger:7.20:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-3887

Exploit prediction scoring system (EPSS) score for CVE-2005-3887

CVSS scores for CVE-2005-3887

References for CVE-2005-3887

Products affected by CVE-2005-3887