Vulnerability Solutions
 |
added scans last 7 days |
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview |
| Category: Gentoo Local Security Checks | Risk factor: Medium | Added: 3 Jul 2009 |
| Synopsis: The remote host is missing the GLSA-200907-01 security update. Description: The remote host is affected by the vulnerability described in GLSA-200907-01 (libwmf: User-assisted execution of arbitrary code) The embedded fork of the GD library introduced a "use-after-free" vulnerability in a modification which is specific to libwmf. Impact A remote attacker could entice a user to open a specially crafted WMF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service. Workaround There is no known workaround at this time. See also: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1364 http://www.gentoo.org/security/en/glsa/glsa-200907-01.xml Solution: All libwmf users should upgrade to the latest version which no longer builds the GD library: # emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libwmf-0.2.8.4-r3" Risk factor: Medium |
||
