[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

250770

 
 

909

 
 

196157

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2010-2055Date: (C)2010-07-22   (M)2023-12-28


Ghostscript 8.71 and earlier reads initialization files from the current working directory, which allows local users to execute arbitrary PostScript commands via a Trojan horse file, related to improper support for the -P- option to the gs program, as demonstrated using gs_init.ps, a different vulnerability than CVE-2010-4820.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.2
Exploit Score: 3.9
Impact Score: 10.0
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
  
Reference:
http://www.securityfocus.com/archive/1/511433
http://www.securityfocus.com/archive/1/511474
SECUNIA-40452
SECUNIA-40475
SECUNIA-40532
OSVDB-66247
ADV-2010-1757
FEDORA-2010-10642
FEDORA-2010-10660
GLSA-201412-17
RHSA-2012:0095
SUSE-SR:2010:014
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583183
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=583316
http://bugs.ghostscript.com/show_bug.cgi?id=691339
http://bugs.ghostscript.com/show_bug.cgi?id=691350
http://savannah.gnu.org/forum/forum.php?forum_id=6368
https://bugzilla.novell.com/show_bug.cgi?id=608071
https://bugzilla.redhat.com/show_bug.cgi?id=599564

CPE    31
cpe:/a:artifex:gpl_ghostscript:8.01
cpe:/a:artifex:ghostscript_fonts:6.0
cpe:/a:artifex:gpl_ghostscript:8.50
cpe:/a:artifex:afpl_ghostscript:8.12
...
CWE    1
CWE-17
OVAL    12
oval:org.secpod.oval:def:100369
oval:org.secpod.oval:def:100753
oval:org.secpod.oval:def:100194
oval:org.secpod.oval:def:100297
...

© SecPod Technologies