CVE-2007-6532

Xfce <4.4.2 - Remote Code Execution

Title source: llm
STIX 2.1

Description

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via unknown vectors related to the "cliend id, program name and working directory in session management."

References (4)

Core 4
Core References
Issue Tracking x_refsource_confirm
http://bugs.gentoo.org/show_bug.cgi?id=201292
Various Sources x_refsource_confirm
http://www.xfce.org/documentation/changelogs/4.4.2
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2008/0080
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200801-06.xml

Scores

EPSS 0.0398
EPSS Percentile 89.3%

Details

CWE
CWE-119
Status published
Products (1)
xfce/xfce < 4.4.1
Published Jan 09, 2008
Tracked Since Feb 18, 2026