CVE-2008-1467

CenterIM 4.22.3 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URI, related to "received URLs in the message window."  NOTE: this issue has been disputed due to the user-assisted nature, since the URL must be selected and launched by the victim
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
centerimcenterim
4.22.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
centericq
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
ignored
edgy
ignored
dapper
ignored
centerim
karmic
Fixed 4.22.2-1ubuntu2
released
jaunty
Fixed 4.22.2-1ubuntu2
released
intrepid
Fixed 4.22.2-1ubuntu2
released
hardy
Fixed 4.22.2-1ubuntu2
released
gutsy
ignored
feisty
dne
edgy
dne
dapper
dne
Common Weakness Enumeration
References
http://secunia.com/advisories/29489
http://secunia.com/advisories/29597
http://www.securityfocus.com/bid/28362
http://www.vupen.com/english/advisories/2008/0956/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41362
https://www.exploit-db.com/exploits/5283
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00073.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00076.html
http://secunia.com/advisories/29489
http://secunia.com/advisories/29597
http://www.securityfocus.com/bid/28362
http://www.vupen.com/english/advisories/2008/0956/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/41362
https://www.exploit-db.com/exploits/5283
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00073.html
https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00076.html