Vulnerability Details : CVE-2012-0427
yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
Products affected by CVE-2012-0427
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-0427
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-0427
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2012-0427
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-0427
-
https://bugzilla.novell.com/show_bug.cgi?id=604730
Bug 604730 – VUL-0: yast2-add-on-creator: inst-source-utils: Add-On Creator cannot handle spaces in path properlyExploit
-
http://download.novell.com/Download?buildid=tGCXHQR48E4~
Downloads - inst-source-utils 6817
-
https://support.novell.com/security/cve/CVE-2012-0427.html
CVE-2012-0427 | SUSEVendor Advisory
Jump to