Published: 28/01/2009 Updated: 16/04/2009

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome gnumeric

Debian Bug report logs - #513419 nautilus-python: CVE-2009-0317 untrusted search path vulnerability Package: nautilus-python; Maintainer for nautilus-python is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Nico Golde <nion@debianorg> Date: Wed, 28 Jan 2009 22:15:01 UTC Severi ...

Debian Bug report logs - #513418 gnumeric: CVE-2009-0318 untrusted search path vulnerability in GObject wrapper Package: gnumeric-plugins-extra; Maintainer for gnumeric-plugins-extra is Dmitry Smirnov <onlyjob@debianorg>; Source for gnumeric-plugins-extra is src:gnumeric (PTS, buildd, popcon) Reported by: Nico Golde <nio ...

NVD-CWE-Other https://bugzilla.redhat.com/show_bug.cgi?id=481572 http://www.openwall.com/lists/oss-security/2009/01/26/2 http://www.securityfocus.com/bid/33438 http://www.mandriva.com/security/advisories?name=MDVSA-2009:043 https://www.redhat.com/archives/fedora-package-announce/2009-February/msg00211.html http://secunia.com/advisories/33707 http://bugzilla.gnome.org/show_bug.cgi?id=569648 http://secunia.com/advisories/33823 http://security.gentoo.org/glsa/glsa-200904-03.xml https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513419

CVE-2009-0318

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect