Ghostscript Arbitrary Command Execution Vulnerability Network Vulnerability

Summary

This host is installed with Ghostscript and is prone to arbitrary command execution vulnerability.

Impact

Successful exploitation allows the attackers to execute arbitrary postscript commands via the 'gs_init.ps' file, if a user is tricked into opening a file using the '-P-' option in an attacker controlled directory. Impact Level: Application

Solution

Upgrade Ghostscript to version 9.0 or later, For updates refer to http://www.ghostscript.com

Insight

The flaw is due to, application reading certain postscript files in the current working directory although the '-P-' command line option is set.

Affected

Ghostscript version 8.71 and prior

References

http://secunia.com/advisories/40452
http://www.vupen.com/english/advisories/2010/1757

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2055

CVSS	Base Score: 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities June-2012 (Windows)
Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
Adobe Air Multiple Vulnerabilities - November12 (Windows)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)

Take action and discover your vulnerabilities