CVE-2004-1274 - The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary cod

CVE-2004-1274

Summary

The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters.

References

http://tigger.uic.edu/~jlongs2/holes/greed.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/18634

Vulnerable Configurations

cpe:2.3:a:greed:greed:0.81p:*:*:*:*:*:*:*
cpe:2.3:a:greed:greed:0.81p:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

misc	http://tigger.uic.edu/~jlongs2/holes/greed.txt
xf	greed-downloadloop-command-execution(18634)

Last major update

11-07-2017 - 01:30

Published

10-01-2005 - 05:00

Last modified

11-07-2017 - 01:30