ID CVE-2008-0673
Summary TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an inbound file-transfer request, before the user has an opportunity to decline the request, which allows remote attackers to truncate arbitrary files in the top level of a home directory.
References
Vulnerable Configurations
  • cpe:2.3:a:tintin:tintin\+\+:1.97.9:*:*:*:*:*:*:*
    cpe:2.3:a:tintin:tintin\+\+:1.97.9:*:*:*:*:*:*:*
  • cpe:2.3:a:tintin:wintin\+\+:1.97.9:*:*:*:*:*:*:*
    cpe:2.3:a:tintin:wintin\+\+:1.97.9:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 15-10-2018 - 22:02)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 27660
bugtraq 20080206 Chat vulnerabilities in TinTin++ 1.97.9
gentoo GLSA-201111-07
misc http://aluigi.altervista.org/adv/rintintin-adv.txt
secunia 28833
sreason 3632
vupen ADV-2008-0449
Last major update 15-10-2018 - 22:02
Published 12-02-2008 - 01:00
Last modified 15-10-2018 - 22:02
Back to Top