CVE-2008-5660
published 2008-12-17CVE-2008-5660: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow…
PriorityP349medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
9.12%
94.7th percentile
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vinagre | < vinagre 0.5.1-2 (bookworm) | vinagre 0.5.1-2 (bookworm) |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | — | — |
| gnome | vinagre | >= 0 < 0.5.1-2 | 0.5.1-2 |
| gnome | vinagre | >= 0 < 0.5.1-2 | 0.5.1-2 |
CVSS provenance
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2008-5660: vinagre - Format string vulnerability in the vinagre_utils_show_error function (src/vinagr...
vendor_debian·2008·CVSS 6.8
CVE-2008-5660 [MEDIUM] CVE-2008-5660: vinagre - Format string vulnerability in the vinagre_utils_show_error function (src/vinagr...
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
Scope: local
bookworm: resolved (fixed in 0.5.1-2)
bullseye: resolved (fixed in 0.5.1-2)
Red Hat
vinagre: format string flaw in vinagre_utils_show_error()
vendor_redhat·CVSS 6.8
CVE-2008-5660 [MEDIUM] vinagre: format string flaw in vinagre_utils_show_error()
vinagre: format string flaw in vinagre_utils_show_error()
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
GHSA
GHSA-qq3g-2vhj-h4wr: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils
ghsa_unreviewed·2022-05-14
CVE-2008-5660 [MEDIUM] CWE-134 GHSA-qq3g-2vhj-h4wr: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
OSV
CVE-2008-5660: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils
osv·2008-12-17·CVSS 6.8
CVE-2008-5660 [MEDIUM] CVE-2008-5660: Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
No detection rules found.
Exploit-DB
Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)
exploitdb·2010-09-20
CVE-2007-5660 Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)
Macrovision Installshield Update Service - ActiveX Unsafe Method (Metasploit)
---
##
# $Id: macrovision_unsafe.rb 10394 2010-09-20 08:06:27Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'Macrovision InstallShield Update Service ActiveX Unsafe Method',
'Description' => %q{
This module allows attackers to execute code via an unsafe methods in Macrovision InstallShield 2008.
},
'License' => MSF_LICENSE,
'Author' => [ 'MC' ],
'Version' => '$Revision: 10394 $',
'References' =>
[
[ 'CVE', '2007-5660' ],
[ 'OSVDB', '38347' ],
[ 'BID', '2
Exploit-DB
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
exploitdb·2008-12-09
CVE-2008-5660 Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
Vinagre < 2.24.2 - 'show_error()' Remote Format String (PoC)
---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Vinagre show_error() format string vulnerability
1. *Advisory Information*
Title: Vinagre show_error() format string vulnerability
Advisory ID: CORE-2008-1127
Advisory URL: http://www.coresecurity.com/content/vinagre-format-string
Date published: 2008-12-09
Date of last update: 2008-12-09
Vendors contacted: Vinagre team
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Format string
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 32682
CVE Name: N/A
3. *Vulnerability Description*
Vinagre [1] is a VNC client for the GNOME Desktop. A format string err
http://secunia.com/advisories/33041http://secunia.com/advisories/33046http://secunia.com/advisories/33082http://www.coresecurity.com/content/vinagre-format-stringhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:240http://www.securityfocus.com/archive/1/499057/100/0/threadedhttp://www.ubuntu.com/usn/usn-689-1http://www.vupen.com/english/advisories/2008/3362https://bugzilla.redhat.com/show_bug.cgi?id=475070https://www.exploit-db.com/exploits/7401https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.htmlhttp://secunia.com/advisories/33041http://secunia.com/advisories/33046http://secunia.com/advisories/33082http://www.coresecurity.com/content/vinagre-format-stringhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:240http://www.securityfocus.com/archive/1/499057/100/0/threadedhttp://www.ubuntu.com/usn/usn-689-1http://www.vupen.com/english/advisories/2008/3362https://bugzilla.redhat.com/show_bug.cgi?id=475070https://www.exploit-db.com/exploits/7401https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00473.htmlhttps://www.redhat.com/archives/fedora-package-announce/2008-December/msg00485.html
2008-12-17
Published