PT-2009-1459 · Dia · Dia
Published
2009-01-28
·
Updated
2024-06-15
·
CVE-2008-5984
CVSS v2.0
6.9
Medium
| Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dia version 0.96.1
Description
The issue allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory. This is related to a vulnerability in the PySys SetArgv function.
Recommendations
For version 0.96.1, consider restricting access to the Python plugin until a patch is available. As a temporary workaround, avoid using the Python plugin in untrusted environments to minimize the risk of exploitation.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Dia