Command Injection Vulnerability in Enscript by AFS
CVE-2004-1185

Currently unrated

Key Information:

Vendor: Gnu
Status: Enscript
Vendor: CVE Published:; 21 January 2005

Summary

Enscript 1.6.3 lacks proper sanitization of filenames, which may allow remote attackers or local users to craft malicious filenames, subsequently executing arbitrary commands on the affected system. This flaw poses a significant security risk as it can lead to unauthorized access and control over the target system.

References

http://www.securityfocus.com/archive/1/419768/100/0/threaded

vendor-advisoryx_refsource_FEDORA

http://www.securityfocus.com/bid/12329

vdb-entryx_refsource_BID

http://support.apple.com/kb/HT3549

x_refsource_CONFIRM

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2005
Vulnerability Reserved
Dec 13, 2004