CVE-2008-5986

EUVD-2008-5956
Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
Affected Products (NVD)
VendorProductVersion
csoundcsound
5.08.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
csound
bookworm
1:6.18.1+dfsg-1
fixed
bullseye
1:6.14.0~dfsg-6
fixed
etch
not-affected
sid
1:6.18.1+dfsg-3
fixed
trixie
1:6.18.1+dfsg-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
csound
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33446
https://bugzilla.redhat.com/show_bug.cgi?id=481550
https://exchange.xforce.ibmcloud.com/vulnerabilities/48276
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://www.securityfocus.com/bid/33446
https://bugzilla.redhat.com/show_bug.cgi?id=481550
https://exchange.xforce.ibmcloud.com/vulnerabilities/48276