Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2001-0084GTK vulnerability

4 documents4 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 52.24%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Gnome GTK
Timeline
PublishedFeb 12
Latest updateApr 30

Description

GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages1 packages

NVDgnome/gtk1.2.8

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-7gg7-9cpw-h9r9: GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privile2022-04-30
CVEList
CVE-2001-0084: GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privile2001-02-02

💥Exploits & PoCs

1
Exploit-DB
GTK+ 1.2.8 - Arbitrary Loadable Module Execution2001-01-02
CVE-2001-0084 — Gnome GTK vulnerability | cvebase