Intrusion Prevention

OmniWeb.JavaScript.Alert.Format.String

Description

A format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function.

Affected Products

Omni Group OmniWeb 5.5.1
Omni Group OmniWeb 5.1
Omni Group OmniWeb 5.0.1

Impact

System compromise.

Recommended Actions

Upgrade to Omni Group OmniWeb 5.5.2

CVE References

CVE-2007-0148