QwikSec

Security Database

CVE

CWE

Training

CVE-2007-2055

Published: Apr 30, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.vsecurity.com/bulletins/advisories/2007/afflib-shellinject.txt

x_refsource_MISC

20070427 AFFLIB(TM): Multiple Shell Metacharacter Injections

mailing-list

x_refsource_BUGTRAQ

afflib-multiple-command-execution(33964)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SREASON

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.