CVE-2009-0068

Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
freedesktopxdg-utils
1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xdg-utils
sid
1.1.3-4.1
fixed
trixie
1.1.3-4.1
fixed
bookworm
1.1.3-4.1
fixed
bullseye
1.1.3-4.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xdg-utils
karmic
ignored
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
dapper
dne
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2009/01/06/1
http://www.securityfocus.com/bid/33137
https://bugs.freedesktop.org/show_bug.cgi?id=19377
http://www.openwall.com/lists/oss-security/2009/01/06/1
http://www.securityfocus.com/bid/33137
https://bugs.freedesktop.org/show_bug.cgi?id=19377