CVE-2008-1467

EUVD-2008-1471
CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."  NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
Affected Products (NVD)
VendorProductVersion
centerimcenterim
4.22.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
centericq
dapper
ignored
edgy
ignored
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
centerim
dapper
dne
edgy
dne
feisty
dne
gutsy
ignored
hardy
Fixed 4.22.2-1ubuntu2
released
intrepid
Fixed 4.22.2-1ubuntu2
released
jaunty
Fixed 4.22.2-1ubuntu2
released
karmic
Fixed 4.22.2-1ubuntu2
released
Common Weakness Enumeration
References
http://secunia.com/advisories/29489
http://secunia.com/advisories/29597
http://www.securityfocus.com/bid/28362
http://www.vupen.com/english/advisories/2008/0956/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41362
https://www.exploit-db.com/exploits/5283
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00073.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00076.html
http://secunia.com/advisories/29489
http://secunia.com/advisories/29597
http://www.securityfocus.com/bid/28362
http://www.vupen.com/english/advisories/2008/0956/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41362
https://www.exploit-db.com/exploits/5283
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00073.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00076.html