CVE-2009-3721
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple directory traversal and buffer overflow vulnerabilities were discovered in yTNEF, and in Evolution's TNEF parser that is derived from yTNEF. A crafted email could cause these applications to write data in arbitrary locations on the filesystem, crash, or potentially execute arbitrary code when decoding attachments.
Se detectaron múltiples vulnerabilidades de salto de directorio y desbordamiento de búfer en yTNEF, y en el analizador TNEF de Evolution que deriva de yTNEF. Un correo electrónico diseñado podría causar que estas aplicaciones escriban datos en ubicaciones arbitrarias en el sistema de archivos, bloqueen, o potencialmente ejecuten código arbitrario cuando se decodifican archivos adjuntos
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-10-16 CVE Reserved
- 2021-05-26 CVE Published
- 2024-05-01 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.ocert.org/advisories/ocert-2009-013.html | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=521662 | 2021-06-04 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Evolution Search vendor "Gnome" for product "Evolution" | * | - |
Affected
| ||||||
| Ytnef Project Search vendor "Ytnef Project" | Ytnef Search vendor "Ytnef Project" for product "Ytnef" | * | - |
Affected
| ||||||