Lucene search

JpcertCVE-2011-0452

HistoryFeb 24, 2011 - 9:00 p.m.

CVE-2011-0452

2011-02-2421:00:01

jpcert

web.nvd.nist.gov

cve-2011-0452

untrusted search path

vulnerability

lunascape

local users

privilege escalation

nvd

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Untrusted search path vulnerability in the script function in Lunascape before 6.4.3 allows local users to gain privileges via a Trojan horse executable file in the current working directory.

Affected configurations

Nvd

Node

lunascapelunascapeRange≤6.4.2

lunascapelunascapeMatch3.0.0

lunascapelunascapeMatch3.0.1

lunascapelunascapeMatch3.1.0

lunascapelunascapeMatch3.5.0

lunascapelunascapeMatch3.5.1

lunascapelunascapeMatch3.5.2

lunascapelunascapeMatch3.5.3

lunascapelunascapeMatch3.5.4

lunascapelunascapeMatch3.6.0

lunascapelunascapeMatch3.6.1

lunascapelunascapeMatch3.6.2

lunascapelunascapeMatch3.6.3

lunascapelunascapeMatch3.6.4

lunascapelunascapeMatch3.6.5

lunascapelunascapeMatch4.0.0

lunascapelunascapeMatch4.0.1

lunascapelunascapeMatch4.0.2

lunascapelunascapeMatch4.0.3

lunascapelunascapeMatch4.0.4

lunascapelunascapeMatch4.0.5

lunascapelunascapeMatch4.0.6

lunascapelunascapeMatch4.0.7

lunascapelunascapeMatch4.1.0

lunascapelunascapeMatch4.1.1

lunascapelunascapeMatch4.1.2

lunascapelunascapeMatch4.1.3

lunascapelunascapeMatch4.2.0

lunascapelunascapeMatch4.2.1

lunascapelunascapeMatch4.2.2

lunascapelunascapeMatch4.3.0

lunascapelunascapeMatch4.3.1

lunascapelunascapeMatch4.3.2

lunascapelunascapeMatch4.3.3

lunascapelunascapeMatch4.5.0

lunascapelunascapeMatch4.5.1

lunascapelunascapeMatch4.5.2

lunascapelunascapeMatch4.6

lunascapelunascapeMatch4.6.1

lunascapelunascapeMatch4.6.2

lunascapelunascapeMatch4.6.3

lunascapelunascapeMatch4.6.4

lunascapelunascapeMatch4.6.5

lunascapelunascapeMatch4.7.0

lunascapelunascapeMatch4.7.1

lunascapelunascapeMatch4.7.2

lunascapelunascapeMatch4.7.3

lunascapelunascapeMatch4.7.4

lunascapelunascapeMatch4.8.0

lunascapelunascapeMatch4.8.1

lunascapelunascapeMatch5.0rc3

lunascapelunascapeMatch5.0.0

lunascapelunascapeMatch5.0.1

lunascapelunascapeMatch5.0.2

lunascapelunascapeMatch5.0.3

lunascapelunascapeMatch5.0.4

lunascapelunascapeMatch5.0.5

lunascapelunascapeMatch5.1beta

lunascapelunascapeMatch5.1.0

lunascapelunascapeMatch5.1.1

lunascapelunascapeMatch5.1.2

lunascapelunascapeMatch5.1.3

lunascapelunascapeMatch5.1.4

lunascapelunascapeMatch5.1.5

lunascapelunascapeMatch5.1.6

lunascapelunascapeMatch6.0.0

lunascapelunascapeMatch6.0.1

lunascapelunascapeMatch6.0.2

lunascapelunascapeMatch6.0.3

lunascapelunascapeMatch6.1

lunascapelunascapeMatch6.1.1

lunascapelunascapeMatch6.1.2

lunascapelunascapeMatch6.1.3

lunascapelunascapeMatch6.1.4

lunascapelunascapeMatch6.1.5

lunascapelunascapeMatch6.1.6

lunascapelunascapeMatch6.1.7

lunascapelunascapeMatch6.2

lunascapelunascapeMatch6.2.1

lunascapelunascapeMatch6.3

lunascapelunascapeMatch6.3.1

lunascapelunascapeMatch6.3.2

lunascapelunascapeMatch6.3.3

lunascapelunascapeMatch6.3.4

lunascapelunascapeMatch6.4.1

VendorProductVersionCPE
lunascapelunascape*cpe:2.3:a:lunascape:lunascape:*:*:*:*:*:*:*:*
lunascapelunascape3.0.0cpe:2.3:a:lunascape:lunascape:3.0.0:*:*:*:*:*:*:*
lunascapelunascape3.0.1cpe:2.3:a:lunascape:lunascape:3.0.1:*:*:*:*:*:*:*
lunascapelunascape3.1.0cpe:2.3:a:lunascape:lunascape:3.1.0:*:*:*:*:*:*:*
lunascapelunascape3.5.0cpe:2.3:a:lunascape:lunascape:3.5.0:*:*:*:*:*:*:*
lunascapelunascape3.5.1cpe:2.3:a:lunascape:lunascape:3.5.1:*:*:*:*:*:*:*
lunascapelunascape3.5.2cpe:2.3:a:lunascape:lunascape:3.5.2:*:*:*:*:*:*:*
lunascapelunascape3.5.3cpe:2.3:a:lunascape:lunascape:3.5.3:*:*:*:*:*:*:*
lunascapelunascape3.5.4cpe:2.3:a:lunascape:lunascape:3.5.4:*:*:*:*:*:*:*
lunascapelunascape3.6.0cpe:2.3:a:lunascape:lunascape:3.6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lunascape	lunascape	*	cpe:2.3:a:lunascape:lunascape::::::::
lunascape	lunascape	3.0.0	cpe:2.3:a:lunascape:lunascape:3.0.0:::::::*
lunascape	lunascape	3.0.1	cpe:2.3:a:lunascape:lunascape:3.0.1:::::::*
lunascape	lunascape	3.1.0	cpe:2.3:a:lunascape:lunascape:3.1.0:::::::*
lunascape	lunascape	3.5.0	cpe:2.3:a:lunascape:lunascape:3.5.0:::::::*
lunascape	lunascape	3.5.1	cpe:2.3:a:lunascape:lunascape:3.5.1:::::::*
lunascape	lunascape	3.5.2	cpe:2.3:a:lunascape:lunascape:3.5.2:::::::*
lunascape	lunascape	3.5.3	cpe:2.3:a:lunascape:lunascape:3.5.3:::::::*
lunascape	lunascape	3.5.4	cpe:2.3:a:lunascape:lunascape:3.5.4:::::::*
lunascape	lunascape	3.6.0	cpe:2.3:a:lunascape:lunascape:3.6.0:::::::*

Rows per page:

1-10 of 851

References

jvn.jp/en/jp/JVN38362957/

jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000012.html

lunapedia.lunascape.jp/index.php?title=Lunascape6#2011.2F02.2F18_ver_6.4.3

secunia.com/advisories/43441

exchange.xforce.ibmcloud.com/vulnerabilities/65592

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

6.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2011-0452