CVE-2008-1638 : Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in fil

Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.

Published 2008-04-02 17:44:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2008-1638

Nik Software Inc » Nik Sharpener Pro » Version: 2.0 Inkjet Edition
cpe:2.3:a:nik_software_inc:nik_sharpener_pro:2.0:*:inkjet:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2008-1638

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 11 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2008-1638

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2008-1638

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-1638

http://secunia.com/advisories/29586

Vendor Advisory
http://www.kb.cert.org/vuls/id/124289

US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/41535
http://www.securityfocus.com/bid/27707

Jump to

Vulnerability Details : CVE-2008-1638

Products affected by CVE-2008-1638

Exploit prediction scoring system (EPSS) score for CVE-2008-1638

CVSS scores for CVE-2008-1638

CWE ids for CVE-2008-1638

References for CVE-2008-1638