CVE-2008-3533 – Yelp 2.23.1 - Invalid URI Format String

https://notcve.org/view.php?id=CVE-2008-3533

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs. Vulnerabilidad de cadena de formato en la función window_error de yelp-window.c en yelp de Gnome después de 2.19.90 y antes de 2.24 permite a atacantes remotos ejecutar código de su elección mediante especificadores de formato de cadena en un URI no válido en línea de comandos, como se demostró utilizando yelp en los controladores URI (1) man o (2) ghelp en Firefox, Evolution y otros programas no especificados. • https://www.exploit-db.com/exploits/32248 http://bugzilla.gnome.org/attachment.cgi?id=115890 http://bugzilla.gnome.org/show_bug.cgi?id=546364 http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00000.html http://secunia.com/advisories/31465 http://secunia.com/advisories/31620 http://secunia.com/advisories/31834 http://secunia.com/advisories/32629 http://www.mandriva.com/security/advisories?name=MDVSA-2008:175 http://www.securityfocus.com/bid/30690 http://www.ubun • CWE-134: Use of Externally-Controlled Format String •