Lucene search

[email protected]CVE-2000-0727

HistoryOct 20, 2000 - 4:00 a.m.

CVE-2000-0727

2000-10-2004:00:00

[email protected]

web.nvd.nist.gov

cve-2000-0727

xpdf security vulnerability

arbitrary command execution

embedded url's flaw

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL’s, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

Affected configurations

NVD

Node

xpdfxpdfMatch0.90

CPENameOperatorVersion
xpdf:xpdfxpdfeq0.90

CPE	Name	Operator	Version
xpdf:xpdf	xpdf	eq	0.90

References

marc.info/?l=bugtraq&m=96766355023239&w=2

marc.info/?l=bugtraq&m=96886599829687&w=2

www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt

www.debian.org/security/2000/20000910a

www.redhat.com/support/errata/RHSA-2000-060.html

www.securityfocus.com/bid/1624

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.2%

JSON

Related for CVE-2000-0727

cvelist1 nvd1