Key Information Summary Vulnerability Name: Weex: Format string vulnerability — GLSA 200510-09 Release Date: October 08, 2005 Latest Revision Date: October 08, 2005: 01 Affected Package: Package: on all architectures Affected Versions: Unaffected Versions: Vulnerability Severity: normal Exploitation Method: remote Vulnerability Description: Weex contains a format string error that may be exploited by malicious servers to execute arbitrary code. Vulnerability Discoverer: Ulf Harnhammar Vulnerability Trigger Condition: Triggered when Weex is first run (or when its cache files are rebuilt, using the option). Vulnerability Impact: An attacker could set up a malicious FTP server which, when accessed using Weex, could execute arbitrary code with the rights of the user running Weex. Remediation: All Weex users should upgrade to the latest version: Related Vulnerability ID: CAN-2005-3150