PT-2002-2768 · Sketch · Sketch

Publicado

2002-12-31

Atualizado

2008-09-05

CVE-2002-2047

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Sketch versions 0.6.12 and earlier

Description The file preview functionality in Sketch allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an encapsulated Postscript (EPS) file.

Recommendations For Sketch versions 0.6.12 and earlier, consider disabling the file preview functionality for EPS files until a patch is available. Restrict access to the file preview feature to minimize the risk of exploitation. Avoid using filenames that contain shell metacharacters in EPS files.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2002-2047

Produtos afetados

Sketch

PT-2002-2768 · Sketch · Sketch

CVE-2002-2047

Identificadores relacionados

Produtos afetados

Referências · 8