Symlink Attack in Catdoc's XLSView Enables Local File Overwrite
CVE-2003-0193

Currently unrated

Key Information:

Vendor

Catdoc

Status
Catdoc
Vendor
CVE Published:
18 August 2004

What is CVE-2003-0193?

The vulnerability in XLSView for Catdoc allows local users to perform a symlink attack on predictable temporary file names, enabling them to overwrite arbitrary files. This issue arises from insufficient validation in the handling of temporary file names, specifically in the 'msxlsview.sh' script when using versions 0.91 and earlier of the product. Attackers can exploit this flaw by creating a symbolic link that points to a sensitive file on the system, leading to unintended data modification or loss.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.osvdb.org/11193
vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/11560
vdb-entryx_refsource_BID
http://secunia.com/advisories/13021/
third-party-advisoryx_refsource_SECUNIA

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.