Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.
oryginał ENAV:N/AC:L/Au:N/C:C/I:C/A:CGnome
APPGnome2.202.22Gnome Yelp
APPGnome< 2.24
Powiązane podatności
A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary script...
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the J...
The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the T...
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, al...
Domyślnie włączone Remote Desktop Sharing w Ubuntu (gnome-control-center)