CVE-2008-3533

Sažetak

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Reference

http://bugzilla.gnome.org/attachment.cgi?id=115890
http://bugzilla.gnome.org/show_bug.cgi?id=546364
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://secunia.com/advisories/31465
http://secunia.com/advisories/31620
http://secunia.com/advisories/31834
http://secunia.com/advisories/32629
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://www.securityfocus.com/bid/30690
http://www.ubuntu.com/usn/usn-638-1
http://www.vupen.com/english/advisories/2008/2393
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

08-08-2017 - 01:31

Objavljeno

18-08-2008 - 17:41