CVE Vulnerability

CVE-2008-3533

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

10 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://bugzilla.gnome.org/attachment.cgi?id=115890 Exploit
http://bugzilla.gnome.org/show_bug.cgi?id=546364 Exploit Patch
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860 Exploit Patch
http://www.securityfocus.com/bid/30690
http://secunia.com/advisories/31465 Vendor Advisory
http://www.ubuntu.com/usn/usn-638-1
http://secunia.com/advisories/31620
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175
http://secunia.com/advisories/31834
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html
http://secunia.com/advisories/32629
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html
http://www.vupen.com/english/advisories/2008/2393
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449
Configurations

Configuration 1

cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gnome:2.22:*:*:*:*:*:*:*
Information

Published : 2008-08-18 05:41

Updated : 2017-08-08 01:31

NVD link : CVE-2008-3533

Mitre link : CVE-2008-3533

Products Affected
No products.
CWE
CWE-134

Use of Externally-Controlled Format String