CVE-2009-1440 - Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to

CVE-2009-1440

Summary

Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule 2.2.4 allows remote attackers to conduct argument injection attacks into a command for mplayer via a crafted filename.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
http://secunia.com/advisories/34839
http://www.debian.org/security/2009/dsa-1821
http://www.openwall.com/lists/oss-security/2009/04/22/1
http://www.securityfocus.com/bid/34683
https://exchange.xforce.ibmcloud.com/vulnerabilities/50205

Vulnerable Configurations

cpe:2.3:a:amule:amule:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:amule:amule:2.2.4:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 17-08-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

bid	34683
debian	DSA-1821
misc	http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
mlist	[oss-security] 20090422 CVE id request: amule
secunia	34839
xf	amule-downloadlistctrl-command-execution(50205)

Last major update

17-08-2017 - 01:30

Published

27-04-2009 - 18:00

Last modified

17-08-2017 - 01:30