Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3533

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-3533
Last Modified 07 Mar 2011 10:10:56
Published 18 Aug 2008 01:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3533

Summary

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

Vulnerable Systems

Application

  • Gnome 2.20

  • Gnome 2.22

  • Gnome Yelp


References

CONFIRM - https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860

CONFIRM - http://bugzilla.gnome.org/show_bug.cgi?id=546364

FEDORA - FEDORA-2008-7293

XF - yelp-uri-format-string(44449)

VUPEN - ADV-2008-2393

UBUNTU - USN-638-1

BID - 30690

MANDRIVA - MDVSA-2008:175

SECUNIA - 32629

SECUNIA - 31834

SECUNIA - 31620

SECUNIA - 31465

SUSE - SUSE-SR:2008:024

CONFIRM - http://bugzilla.gnome.org/attachment.cgi?id=115890


Last Updated: 27 May 2016 10:48:13