ByteOS Network

NVD Vulnerability Details :

CVE-2008-5986

Modified

Source-cve@mitre.org

Published At-28 Jan, 2009 | 11:30

Updated At-08 Aug, 2017 | 01:33

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	6.9	MEDIUM	AV:L/AC:M/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 6.9

Base severity: MEDIUM

Vector:

AV:L/AC:M/Au:N/C:C/I:C/A:C

CPE Matches

csound>>csound>>5.08.2

cpe:2.3:a:csound:csound:5.08.2:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2009/01/26/2	cve@mitre.org	N/A
http://www.securityfocus.com/bid/33446	cve@mitre.org	N/A
https://bugzilla.redhat.com/show_bug.cgi?id=481550	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/48276	cve@mitre.org	N/A