Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1569

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1569
Last Modified 05 Sep 2008 04:30:56
Published 17 Nov 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1569

Summary

gv 3.5.8, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the filename for (1) a PDF file or (2) a gzip file.

Vulnerable Systems

Application

  • Ghostview 1.3

  • Ghostview 1.4

  • Ghostview 1.4.1

  • Ghostview 1.5

  • Gv 2.7.6

  • Gv 2.7b1

  • Gv 2.7b2

  • Gv 2.7b3

  • Gv 2.7b4

  • Gv 2.7b5

  • Gv 2.9.4

  • Gv 3.0.0

  • Gv 3.0.4

  • Gv 3.1.4

  • Gv 3.1.6

  • Gv 3.2.4

  • Gv 3.4.12

  • Gv 3.4.2

  • Gv 3.4.3

  • Gv 3.5.2

  • Gv 3.5.3

  • Gv 3.5.8


References

XF - gv-system-execute-commands(10231)

BID - 5840

MISC - http://www.epita.fr/~bevand_m/asa/asa-0000

BUGTRAQ - 20021003 GLSA: gv

BUGTRAQ - 20021001 ASA-0000: GV Execution of Arbitrary Shell Commands


Last Updated: 27 May 2016 10:37:24