Format string vulnerability in ALPass 2.7 English and 3.02 Korean might allow user-assisted remote attackers to execute arbitrary code via format string specifiers in an fnm field in a folder-name record in an ALPASS DB (APW) file.Referenceshttp://vuln.sg/alpass27-en.htmlhttp://secunia.com/advisories/26616https://exchange.xforce.ibmcloud.com/vulnerabilities/36256http://www.securityfocus.com/bid/25435
