Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4875

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-4875
Last Modified 10 Sep 2012 12:00:00
Published 06 Sep 2012 05:55:03
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4875

Summary

** DISPUTED ** Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the developer was not able to reproduce the issue and disputed it.

Vulnerable Systems

Application

  • Artifex Gpl Ghostscript 9.04


References

XF - ghostscript-outputfile-bo(74554)

BID - 52864

SECUNIA - 47855

MISC - http://bugs.ghostscript.com/show_bug.cgi?id=692856


Last Updated: 27 May 2016 11:00:30