CVE-2004-0784
First published: Thu Sep 02 2004(Updated: )
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gaim | =0.71 | |
| Gaim | =0.10.3 | |
| Gaim | =0.61 | |
| Gaim | =0.53 | |
| Gaim | =0.73 | |
| Gaim | =0.60 | |
| Gaim | =0.69 | |
| Gaim | =0.52 | |
| Gaim | =0.72 | |
| Gaim | =0.65 | |
| Gaim | =0.59 | |
| Gaim | =0.62 | |
| Gaim | =0.74 | |
| Gaim | =0.51 | |
| Gaim | =0.56 | |
| Gaim | =0.54 | |
| Gaim | =0.55 | |
| Gaim | =0.68 | |
| Gaim | =0.67 | |
| Gaim | =0.10 | |
| Gaim | =0.59.1 | |
| Gaim | =0.70 | |
| Gaim | =0.50 | |
| Gaim | =0.66 | |
| Gaim | =0.63 | |
| Gaim | =0.64 | |
| Gaim | =0.58 | |
| Gaim | =0.75 | |
| Gaim | =0.57 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://gaim.sourceforge.net/security/?id=1
- http://www.fedoranews.org/updates/FEDORA-2004-278.shtml
- http://www.fedoranews.org/updates/FEDORA-2004-279.shtml
- http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml
- http://www.redhat.com/support/errata/RHSA-2004-400.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17144
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008
Frequently Asked Questions
What is the severity of CVE-2004-0784?
The severity of CVE-2004-0784 is considered high due to its ability to allow remote command execution.
How do I fix CVE-2004-0784?
To fix CVE-2004-0784, upgrade Gaim to a version that is not vulnerable, such as 0.82 or later.
Which versions of Gaim are affected by CVE-2004-0784?
CVE-2004-0784 affects Gaim versions from 0.10 through 0.74.
What type of vulnerability is CVE-2004-0784?
CVE-2004-0784 is a vulnerability that allows arbitrary command execution via shell metacharacters.
Who can be impacted by CVE-2004-0784?
Users of vulnerable Gaim versions can be impacted by CVE-2004-0784 if they access malicious tar files.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/rob flynn
- canonical/gaim
- version/gaim/0.71
- version/gaim/0.10.3
- version/gaim/0.61
- version/gaim/0.53
- version/gaim/0.73
- version/gaim/0.60
- version/gaim/0.69
- version/gaim/0.52
- version/gaim/0.72
- version/gaim/0.65
- version/gaim/0.59
- version/gaim/0.62
- version/gaim/0.74
- version/gaim/0.51
- version/gaim/0.56
- version/gaim/0.54
- version/gaim/0.55
- version/gaim/0.68
- version/gaim/0.67
- version/gaim/0.10
- version/gaim/0.59.1
- version/gaim/0.70
- version/gaim/0.50
- version/gaim/0.66
- version/gaim/0.63
- version/gaim/0.64
- version/gaim/0.58
- version/gaim/0.75
- version/gaim/0.57