Vulnerability Details : CVE-2008-5660
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
Vulnerability category: OverflowExecute code
Products affected by CVE-2008-5660
- cpe:2.3:a:gnome:vinagre:2.23.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.24.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.23.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnome:vinagre:2.24.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5660
16.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5660
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2008-5660
-
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5660
-
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.html
[SECURITY] Fedora 9 Update: vinagre-0.5.2-1.fc9
-
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html
[SECURITY] Fedora 8 Update: vinagre-0.4-2.fc8
-
http://www.ubuntu.com/usn/usn-689-1
USN-689-1: Vinagre vulnerability | Ubuntu security notices | UbuntuVendor Advisory
-
https://www.exploit-db.com/exploits/7401
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC) - Windows dos Exploit
-
http://www.vupen.com/english/advisories/2008/3362
Site en construction
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:240
MandrivaVendor Advisory
-
http://www.securityfocus.com/archive/1/499057/100/0/threaded
-
http://www.coresecurity.com/content/vinagre-format-string
Vinagre show_error() Format String Vulnerability | CoreLabs AdvisoriesExploit
-
https://bugzilla.redhat.com/show_bug.cgi?id=475070
475070 – (CVE-2008-5660) CVE-2008-5660 vinagre: format string flaw in vinagre_utils_show_error()
Jump to