Vulnerability Details : CVE-2004-0603
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
Exploit prediction scoring system (EPSS) score for CVE-2004-0603
Probability of exploitation activity in the next 30 days: 0.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 74 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2004-0603
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
Vendor statements for CVE-2004-0603
-
Red Hat 2007-03-14Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
-
http://bugs.gentoo.org/show_bug.cgi?id=54890
Vendor Advisory
-
http://www.securityfocus.com/bid/10603
Patch;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/16506
-
http://security.gentoo.org/glsa/glsa-200406-18.xml
Patch;Vendor Advisory
- cpe:2.3:a:gnu:gzip:*:*:*:*:*:*:*:*