Lucene search

MitreCVE-2009-1515

HistoryMay 04, 2009 - 4:30 p.m.

CVE-2009-1515

2009-05-0416:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-1515

buffer overflow

remote code execution

christos zoulas

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.122

Percentile

95.4%

JSON

Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

christos_zoulasfileMatch5.00

VendorProductVersionCPE
christos_zoulasfile5.00cpe:2.3:a:christos_zoulas:file:5.00:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
christos_zoulas	file	5.00	cpe:2.3:a:christos_zoulas:file:5.00:::::::*

References

ftp://ftp.astron.com/pub/file/file-5.01.tar.gz

bugs.debian.org/cgi-bin/bugreport.cgi?bug=515603

bugs.debian.org/cgi-bin/bugreport.cgi?bug=525820

mx.gw.com/pipermail/file/2009/000379.html

secunia.com/advisories/34881

www.mandriva.com/security/advisories?name=MDVSA-2009:129

www.osvdb.org/54100

www.securityfocus.com/bid/34745

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.8

Confidence

Low

EPSS

0.122

Percentile

95.4%

JSON

Related for CVE-2009-1515