CVE-2008-3533

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
References
Link Resource
http://bugzilla.gnome.org/attachment.cgi?id=115890 Exploit Issue Tracking
http://bugzilla.gnome.org/show_bug.cgi?id=546364 Exploit Issue Tracking Patch
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html Mailing List Third Party Advisory
http://secunia.com/advisories/31465 Vendor Advisory
http://secunia.com/advisories/31620 Vendor Advisory
http://secunia.com/advisories/31834 Vendor Advisory
http://secunia.com/advisories/32629 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 Product
http://www.securityfocus.com/bid/30690 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-638-1 Third Party Advisory
http://www.vupen.com/english/advisories/2008/2393 Broken Link
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html Mailing List Third Party Advisory
http://bugzilla.gnome.org/attachment.cgi?id=115890 Exploit Issue Tracking
http://bugzilla.gnome.org/show_bug.cgi?id=546364 Exploit Issue Tracking Patch
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html Mailing List Third Party Advisory
http://secunia.com/advisories/31465 Vendor Advisory
http://secunia.com/advisories/31620 Vendor Advisory
http://secunia.com/advisories/31834 Vendor Advisory
http://secunia.com/advisories/32629 Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 Product
http://www.securityfocus.com/bid/30690 Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-638-1 Third Party Advisory
http://www.vupen.com/english/advisories/2008/2393 Broken Link
https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860 Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 VDB Entry
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:gnome:yelp:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:gnome:gnome:2.20:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gnome:2.22:*:*:*:*:*:*:*

History

21 Nov 2024, 00:49

Type Values Removed Values Added
References () http://bugzilla.gnome.org/attachment.cgi?id=115890 - Exploit, Issue Tracking () http://bugzilla.gnome.org/attachment.cgi?id=115890 - Exploit, Issue Tracking
References () http://bugzilla.gnome.org/show_bug.cgi?id=546364 - Exploit, Issue Tracking, Patch () http://bugzilla.gnome.org/show_bug.cgi?id=546364 - Exploit, Issue Tracking, Patch
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html - Mailing List, Third Party Advisory () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/31465 - Vendor Advisory () http://secunia.com/advisories/31465 - Vendor Advisory
References () http://secunia.com/advisories/31620 - Vendor Advisory () http://secunia.com/advisories/31620 - Vendor Advisory
References () http://secunia.com/advisories/31834 - Vendor Advisory () http://secunia.com/advisories/31834 - Vendor Advisory
References () http://secunia.com/advisories/32629 - Vendor Advisory () http://secunia.com/advisories/32629 - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 - Product () http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 - Product
References () http://www.securityfocus.com/bid/30690 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/30690 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-638-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-638-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2008/2393 - Broken Link () http://www.vupen.com/english/advisories/2008/2393 - Broken Link
References () https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860 - Exploit, Patch () https://bugs.launchpad.net/ubuntu/+source/yelp/+bug/254860 - Exploit, Patch
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 - VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 - VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html - Mailing List, Third Party Advisory () https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html - Mailing List, Third Party Advisory

19 Nov 2024, 20:25

Type Values Removed Values Added
References () http://bugzilla.gnome.org/attachment.cgi?id=115890 - Exploit () http://bugzilla.gnome.org/attachment.cgi?id=115890 - Exploit, Issue Tracking
References () http://bugzilla.gnome.org/show_bug.cgi?id=546364 - Exploit, Patch () http://bugzilla.gnome.org/show_bug.cgi?id=546364 - Exploit, Issue Tracking, Patch
References () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html - () http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html - Mailing List, Third Party Advisory
References () http://secunia.com/advisories/31620 - () http://secunia.com/advisories/31620 - Vendor Advisory
References () http://secunia.com/advisories/31834 - () http://secunia.com/advisories/31834 - Vendor Advisory
References () http://secunia.com/advisories/32629 - () http://secunia.com/advisories/32629 - Vendor Advisory
References () http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 - () http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 - Product
References () http://www.securityfocus.com/bid/30690 - () http://www.securityfocus.com/bid/30690 - Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-638-1 - () http://www.ubuntu.com/usn/usn-638-1 - Third Party Advisory
References () http://www.vupen.com/english/advisories/2008/2393 - () http://www.vupen.com/english/advisories/2008/2393 - Broken Link
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/44449 - VDB Entry
References () https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html - () https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00222.html - Mailing List, Third Party Advisory

Information

Published : 2008-08-18 17:41

Updated : 2024-11-21 00:49


NVD link : CVE-2008-3533

Mitre link : CVE-2008-3533

CVE.ORG link : CVE-2008-3533


JSON object : View

Products Affected

gnome

  • gnome
  • yelp
CWE
CWE-134

Use of Externally-Controlled Format String