CVE-2003-0165

Eye Of Gnome - Remote Code Execution via Format String Specifiers in Command Line Argument

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0165. PoCs published by Core Security.

AI-analyzed exploit summary The exploit demonstrates a format string vulnerability in GNOME Eye of Gnome (EOG) image viewer. By passing malicious format specifiers via the command line, an attacker can potentially execute arbitrary code. This could lead to local privilege escalation or remote exploitation if EOG is configured as a handler for images.

Description

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textlocallinux

https://www.exploit-db.com/exploits/22376

View Code ZIP pw:eip

The exploit demonstrates a format string vulnerability in GNOME Eye of Gnome (EOG) image viewer. By passing malicious format specifiers via the command line, an attacker can potentially execute arbitrary code. This could lead to local privilege escalation or remote exploitation if EOG is configured as a handler for images.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: GNOME Eye of Gnome (EOG) image viewer

No auth needed

Prerequisites: Access to command line where EOG is installed · EOG configured as a handler for images

MITRE ATT&CK