QwikSec

Security Database

CVE

CWE

Training

CVE-2008-5986

Published: Jan 28, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

Untrusted search path vulnerability in the (1) "VST plugin with Python scripting" and (2) "VST plugin for writing score generators in Python" in Csound 5.08.2, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=481550

x_refsource_CONFIRM

csound-pysyssetargv-privilege-escalation(48276)

vdb-entry

x_refsource_XF

[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504359

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.