← voltar
CVE-2008-3533

CVE-2008-3533

EPSS 19.4%
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
Produtos afetados
n/a · n/a
PoCs públicas encontradas1
exploitdbwww.exploit-db.com/exploits/32248não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://bugzilla.gnome.org/attachment.cgi?id=115890http://bugzilla.gnome.org/show_bug.cgi?id=546364http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlhttps://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860http://secunia.com/advisories/31465http://secunia.com/advisories/31620http://secunia.com/advisories/31834http://secunia.com/advisories/32629https://exchange.xforce.ibmcloud.com/vulnerabilities/44449https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:175http://www.securityfocus.com/bid/30690