CVE-2012-4425
published 2012-09-18


Priority: P3 (35), medium
CVSS 2.0: 6.9 (AV:L/AC:M/Au:N/C:C/I:C/A:C)
EPSS: 1.09% (61.3th percentile)
libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do not cleanse environment variables, not in libgio itself.

Affected

5 ranges

Vendor             Product    Version range                    Fixed in
debian             spice-gtk  < spice-gtk 0.12-5 (bookworm)    spice-gtk 0.12-5 (bookworm)
spice-gtk_project  spice-gtk  >= 0, < 0.12-5                   0.12-5
spice-gtk_project  spice-gtk  >= 0, < 0.12-5                   0.12-5
spice-gtk_project  spice-gtk  >= 0, < 0.12-5                   0.12-5
spice-gtk_project  spice-gtk  >= 0, < 0.12-5                   0.12-5

CVSS provenance

Source         CVSS version  Score  Severity  Vector
nvd            v2.0          6.9    MEDIUM    AV:L/AC:M/Au:N/C:C/I:C/A:C
osv                          6.9    MEDIUM
vendor_debian                6.9    MEDIUM
vendor_redhat                6.9    MEDIUM