Lucene search

[email protected]CVE-2005-2382

HistoryJul 26, 2005 - 4:00 a.m.

CVE-2005-2382

2005-07-2604:00:00

[email protected]

web.nvd.nist.gov

oray peanuthull

privilege escalation

local users

vulnerability

cve-2005-2382

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM privileges when launched from the system tray, which allows local users to gain privileges by accessing the Help functionality.

Affected configurations

NVD

Node

oraypeanuthullMatch3.0.1.0

CPENameOperatorVersion
oray:peanuthulloray peanuthulleq3.0.1.0

CPE	Name	Operator	Version
oray:peanuthull	oray peanuthull	eq	3.0.1.0

References

marc.info/?l=bugtraq&m=112190569628213&w=2

secunia.com/advisories/16124

secway.org/advisory/AD20050720EN.txt

www.securityfocus.com/bid/14330

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2005-2382

cvelist1 nvd1