CVE-2007-2835

Published: 03/07/2007 Updated: 29/07/2017
CVSS v2 Base Score: 6.8 | Impact Score: 10 | Exploitability Score: 3.1
VMScore: 605
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) xl_pinyin.c in ImmModules/cce/ in unicon-imc2 3.0.4, as used by zhcon and other applications, allow local users to gain privileges via a long HOME environment variable.

Vulnerable Product

unicon-imc2 unicon-imc2 3.0.4

Vendor Advisories

Debian Bug report logs - #431336 CVE-2007-2835 : Buffer overflow. Package: unicon-imc2; Maintainer for unicon-imc2 is Debian QA Group <packages@qa.debian.org>; Source for unicon-imc2 is src:unicon. Reported by: Steve Kemp <skx@debian.org>. Date: Sun, 1 Jul 2007 19:18:01 UTC. Severity: grave. Tags: ...

Steve Kemp from the Debian Security Audit project discovered that unicon-imc2, a Chinese input method library, makes unsafe use of an environmental variable, which may be exploited to execute arbitrary code. For the stable distribution (etch) this problem has been fixed in version 3.0.4-11etch1. For the unstable distribution (sid) this problem will ...