CVE-2009-0068

EUVD-2009-0077
Interaction error in xdg-open allows remote attackers to execute arbitrary code by sending a file with a dangerous MIME type but using a safe type that Firefox sends to xdg-open, which causes xdg-open to process the dangerous file type through automatic type detection, as demonstrated by overwriting the .desktop file.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
Affected Products (NVD)
VendorProductVersion
freedesktopxdg-utils
1.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xdg-utils
bookworm
1.1.3-4.1
fixed
bullseye
1.1.3-4.1
fixed
sid
1.1.3-4.1
fixed
trixie
1.1.3-4.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xdg-utils
dapper
dne
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2009/01/06/1
http://www.securityfocus.com/bid/33137
https://bugs.freedesktop.org/show_bug.cgi?id=19377
http://www.openwall.com/lists/oss-security/2009/01/06/1
http://www.securityfocus.com/bid/33137
https://bugs.freedesktop.org/show_bug.cgi?id=19377