9.3
CVE-2011-3185
- EPSS 4.79%
- Veröffentlicht 29.08.2011 17:55:01
- Zuletzt bearbeitet 16.06.2026 23:32:49
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.79% | 0.908 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://secunia.com/advisories/45663
http://securitytracker.com/id?1025961
http://www.securityfocus.com/bid/49268
http://www.openwall.com/lists/oss-security/2011/08/22/10
http://www.openwall.com/lists/oss-security/2011/08/22/12
http://www.openwall.com/lists/oss-security/2011/08/22/7
http://developer.pidgin.im/viewmtn/revision/diff/29484df15413fe3bbd21bbfcef26a55362055a81/with/5749f9193063800d27bef75c2388f6f9cc2f7f37/pidgin/gtkutils.c
http://developer.pidgin.im/viewmtn/revision/info/5749f9193063800d27bef75c2388f6f9cc2f7f37
http://pidgin.im/news/security/?id=55
http://www.insomniasec.com/advisories/ISVA-110822.1.htm
http://www.openwall.com/lists/oss-security/2011/08/22/
http://www.securityfocus.com/archive/1/519391/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/69342
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18324