Vulnerability Details CVE-2004-0965
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.5%
CVSS Severity
CVSS v2 Score 7.2
References
- http://marc.info/?l=bugtraq&m=109837243713696&w=2
- http://www.nsfocus.com/english/homepage/research/0402.htm
- http://www.securityfocus.com/advisories/7351
- http://www.securityfocus.com/bid/11493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17813
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538
- http://marc.info/?l=bugtraq&m=109837243713696&w=2
- http://www.nsfocus.com/english/homepage/research/0402.htm
- http://www.securityfocus.com/advisories/7351
- http://www.securityfocus.com/bid/11493
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17813
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538