← volver
CVE-2008-3533

CVE-2008-3533

EPSS 19.4%
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
Productos afectados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/32248no verificado
⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://bugzilla.gnome.org/attachment.cgi?id=115890http://bugzilla.gnome.org/show_bug.cgi?id=546364http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlhttps://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860http://secunia.com/advisories/31465http://secunia.com/advisories/31620http://secunia.com/advisories/31834http://secunia.com/advisories/32629https://exchange.xforce.ibmcloud.com/vulnerabilities/44449https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:175http://www.securityfocus.com/bid/30690