Lucene search

MitreCVE-2004-1302

HistoryJan 10, 2005 - 5:00 a.m.

CVE-2004-1302

2005-01-1005:00:00

mitre

web.nvd.nist.gov

cve-2004-1302

yamt

id3tag_sort

remote command execution

security vulnerability

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.

Affected configurations

Nvd

Node

yamtyamtMatch0.5

VendorProductVersionCPE
yamtyamt0.5cpe:2.3:a:yamt:yamt:0.5:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yamt	yamt	0.5	cpe:2.3:a:yamt:yamt:0.5:::::::*

References

rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html

secunia.com/advisories/13554

securitytracker.com/id?1012583

tigger.uic.edu/~jlongs2/holes/yamt.txt

www.securityfocus.com/bid/11999

exchange.xforce.ibmcloud.com/vulnerabilities/18614

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

Low

EPSS

0.048

Percentile

92.7%

JSON

Related for CVE-2004-1302