Vulnerability Details CVE-2014-7209
run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 70.8%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/61892
- http://secunia.com/advisories/62079
- http://www.debian.org/security/2014/dsa-3114
- http://www.openwall.com/lists/oss-security/2014/12/31/8
- http://www.securityfocus.com/bid/71797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99570
- http://secunia.com/advisories/61892
- http://secunia.com/advisories/62079
- http://www.debian.org/security/2014/dsa-3114
- http://www.openwall.com/lists/oss-security/2014/12/31/8
- http://www.securityfocus.com/bid/71797
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99570
Products affected by CVE-2014-7209
-
cpe:2.3:a:debian:mime-support:-
-
cpe:2.3:a:debian:mime-support:3.10
-
cpe:2.3:a:debian:mime-support:3.11
-
cpe:2.3:a:debian:mime-support:3.12
-
cpe:2.3:a:debian:mime-support:3.13
-
cpe:2.3:a:debian:mime-support:3.14
-
cpe:2.3:a:debian:mime-support:3.15
-
cpe:2.3:a:debian:mime-support:3.16
-
cpe:2.3:a:debian:mime-support:3.17
-
cpe:2.3:a:debian:mime-support:3.18
-
cpe:2.3:a:debian:mime-support:3.19
-
cpe:2.3:a:debian:mime-support:3.20
-
cpe:2.3:a:debian:mime-support:3.21
-
cpe:2.3:a:debian:mime-support:3.52-1
-
cpe:2.3:a:debian:mime-support:3.9