CVE-2008-3533 — HIGH (10.0)

Q: How severe is CVE-2008-3533?

CVE-2008-3533 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3533?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Yelp, Gnome Gnome.

Vulnerability Description

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Gnome	Yelp	< 2.24
Gnome	Gnome	2.20

Related Weaknesses (CWE)

CWE-134

References

http://bugzilla.gnome.org/attachment.cgi?id=115890ExploitIssue Tracking
http://bugzilla.gnome.org/show_bug.cgi?id=546364ExploitIssue TrackingPatch
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/31465Vendor Advisory
http://secunia.com/advisories/31620Vendor Advisory
http://secunia.com/advisories/31834Vendor Advisory
http://secunia.com/advisories/32629Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175Product
http://www.securityfocus.com/bid/30690Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/usn-638-1Third Party Advisory
http://www.vupen.com/english/advisories/2008/2393Broken Link
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860ExploitPatch
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.Mailing ListThird Party Advisory
http://bugzilla.gnome.org/attachment.cgi?id=115890ExploitIssue Tracking

FAQ

What is CVE-2008-3533?

CVE-2008-3533 is a vulnerability with a CVSS score of 10.0 (HIGH). Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers ...

How severe is CVE-2008-3533?

CVE-2008-3533 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3533?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Yelp, Gnome Gnome.