PT-2010-4304 · Uzbl · Uzbl

Vincent Danen · Published 2010-08-19 · Updated 2017-08-17 · CVE-2010-2809

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Uzbl versions prior to 2010.08.05

Description
The issue concerns the default configuration of the Button2 binding in Uzbl, which does not properly use the @SELECTED_URI feature. This allows remote attackers to execute arbitrary commands with user assistance, by crafting the HREF attribute of an A element in an HTML document.

Recommendations
For versions prior to 2010.08.05, update to a version that properly uses the @SELECTED_URI feature to mitigate the risk of arbitrary command execution.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2010-2809

Affected Products

Uzbl