CVE-2004-1185

Enscript 1.6.3 - Remote Code Execution via Crafted Filenames

Title source: llm
STIX 2.1

Description

Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.

References (16)

Core 16
Core References
Vendor Advisory x_refsource_confirm
http://support.apple.com/kb/HT3549
Third Party Advisory, VDB Entry vendor-advisory x_refsource_fedora
http://www.securityfocus.com/archive/1/419768/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12329
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10808
Vendor Advisory vendor-advisory x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2005:033
Vendor Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/68-1/
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012965
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35074
Patch, Vendor Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2005/dsa-654
Mailing List vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435199/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19029
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1297
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-040.html
Patch vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200502-03.xml

Scores

EPSS 0.0739
EPSS Percentile 91.8%

Details

Status published
Products (7)
gnu/enscript 1.3.0
gnu/enscript 1.4.0
gnu/enscript 1.5.0
gnu/enscript 1.6.0
gnu/enscript 1.6.1
gnu/enscript 1.6.2
gnu/enscript 1.6.3
Published Jan 21, 2005
Tracked Since Feb 18, 2026