CVE-2005-0012

Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/13760/	Vendor Advisory
http://secunia.com/advisories/13764
http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml	Vendor Advisory
http://www.securityfocus.com/bid/12203	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/18807

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dillo:dillo_web_browser:0.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.2.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.2.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.2.3:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.2.4:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.3:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.3.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.4:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.5.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.3:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.4:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.5:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.6.6:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.7:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.7.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.7.1.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.7.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.7.3:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.8:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.8.1:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.8.2:::::::*
	cpe:2.3:a:dillo:dillo_web_browser:0.8.3:::::::*

History

No history.

Information

Published : 2005-05-02 04:00

Updated : 2024-02-28 10:42

NVD link : CVE-2005-0012

Mitre link : CVE-2005-0012

CVE.ORG link : CVE-2005-0012

JSON object : View

Products Affected

dillo

dillo_web_browser

CWE

NVD-CWE-Other

{"id": "CVE-2005-0012", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/13760/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/13764", "source": "cve@mitre.org"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12203", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18807", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page."}], "lastModified": "2017-07-11T01:32:03.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A94E9AC3-5835-4E79-AB34-637185421292"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE609C2-1FD6-40AA-B1F7-FED9234431AB"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F09C6A52-1942-42EB-AD41-29D34FB82825"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09F9E9E2-3A5D-4266-A3A9-64CA0B0EF942"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FB0B919-02AD-4A21-B2A7-BD25A3FD3DDC"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680ECD1A-67C7-442B-AD53-4310E08FCA57"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8428562-6417-49E8-9DF5-F36DEDB2E880"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E67B9FA0-AFC5-4479-92A8-FEEF3C31F0CE"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A25A402-A797-4253-B684-62C4571152EE"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5D942B-70E4-4090-AE16-CA6CC0FDBF52"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A47080B2-A1D9-4DB0-A667-CD04E642845C"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F43925B-6247-4096-8FFB-AAF8A76B25C7"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6EADF0B3-5F69-4B08-B7D5-5F9240745925"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "188F1458-0C93-4FBC-B111-0EF32C327319"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8B0C785B-3582-4493-A22C-E33E9496BFDF"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68220468-E7B4-4D39-BAE7-D69F79F08967"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D187FCC6-AD81-404F-9F69-D58A0AF6D3AB"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "819FE3D5-CFFD-48B0-BECB-607E48636F05"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.7.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2D3FCCF6-23C3-404A-9091-C669B6E9D81B"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A6C9FBB-4CF3-4B7B-95EA-126ADFDA9747"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "535320B4-9BE9-4395-80A4-9A857E46837A"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F398046-E2C3-444A-9899-191043E90225"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DB1BD70-F755-4280-916F-AFFF0B18D581"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFE1A226-9F33-4906-8227-FA97DCC4E509"}, {"criteria": "cpe:2.3:a:dillo:dillo_web_browser:0.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC05DE5-659B-4C0F-A2B3-B941698F2341"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}