Command Injection Vulnerability in Enscript by AFS
CVE-2004-1185

Currently unrated

Key Information:

Vendor

Gnu
Status
Enscript
Vendor
CVE Published:
21 January 2005

What is CVE-2004-1185?

Enscript 1.6.3 lacks proper sanitization of filenames, which may allow remote attackers or local users to craft malicious filenames, subsequently executing arbitrary commands on the affected system. This flaw poses a significant security risk as it can lead to unauthorized access and control over the target system.

References

http://www.securityfocus.com/archive/1/419768/100/0/threaded
vendor-advisoryx_refsource_FEDORA
http://www.securityfocus.com/bid/12329
vdb-entryx_refsource_BID
http://support.apple.com/kb/HT3549
x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.