Untrusted Search Path Vulnerability in Gnumeric by GNOME
CVE-2009-0318

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnumeric
Vendor: CVE Published:; 28 January 2009

What is CVE-2009-0318?

Gnumeric, the spreadsheet application from GNOME, is vulnerable due to an untrusted search path issue in its GObject Python interpreter wrapper. This vulnerability can be exploited by local users to execute arbitrary code through a specially crafted Python file located in the current working directory. This issue is linked to vulnerabilities in the PySys_SetArgv function, which have been previously documented. Users of Gnumeric are advised to carefully manage their working directories and consider the implications of executing scripts that may reside within.

References

https://bugzilla.redhat.com/show_bug.cgi?id=481572

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2009/01/26/2

mailing-listx_refsource_MLIST

http://bugzilla.gnome.org/show_bug.cgi?id=569648

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 28, 2009
Vulnerability Reserved
Jan 27, 2009

JSON

Gnome

What is CVE-2009-0318?

References

Timeline