CVE-2012-3355
Rhythmbox < 0.13.3 - Local Arbitrary Code Execution via Symlink Attack on Temporary HTML Template
Title source: llmDescription
(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.
References (10)
Core 10
Core References
Issue Tracking x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=678661
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/25/5
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/15351848
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/06/25/7
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54186
Various Sources x_refsource_misc
http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-3355.html
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616673
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1503-1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76538
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=835076
Scores
EPSS
0.0009
EPSS Percentile
25.8%
Details
CWE
CWE-94
Status
published
Products (50)
gnome/rhythmbox
0.5.0
gnome/rhythmbox
0.5.1
gnome/rhythmbox
0.5.2
gnome/rhythmbox
0.5.3
gnome/rhythmbox
0.5.4
gnome/rhythmbox
0.5.88
gnome/rhythmbox
0.6.0
gnome/rhythmbox
0.6.1
gnome/rhythmbox
0.6.2
gnome/rhythmbox
0.6.3
... and 40 more
Published
Jul 17, 2012
Tracked Since
Feb 18, 2026