PT-2010-3674 · Artifex+2 · Ghostscript+2

Publicado

2010-07-22

Atualizado

2015-01-09

CVE-2010-2055

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ghostscript versions 8.71 and earlier

Description The issue allows local users to execute arbitrary PostScript commands via a Trojan horse file due to improper support for the -P- option to the gs program. This can be demonstrated using gs init.ps.

Recommendations For Ghostscript versions 8.71 and earlier, consider updating to a version that fixes this issue, as the current version allows for the execution of arbitrary PostScript commands. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

CESA-2012_0095

CVE-2010-2055

RHSA-2012:0095

RHSA-2012_0095

Produtos afetados

Centos

Ghostscript

Red Hat

PT-2010-3674 · Artifex+2 · Ghostscript+2

CVE-2010-2055

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39