CVE-2022-43752

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-43752
Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://phrack.org/issues/70/13.html#article Exploit Issue Tracking Technical Description Third Party Advisory
https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:common_desktop_environment_project:_common_desktop_environment:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
History

07 Nov 2023, 03:54

Type Values Removed Values Added
Summary ** UNSUPPORTED WHEN ASSIGNED ** Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon. Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the the crafted printer's icon.

07 Nov 2022, 15:53

Type Values Removed Values Added
References (MISC) http://phrack.org/issues/70/13.html#article - (MISC) http://phrack.org/issues/70/13.html#article - Exploit, Issue Tracking, Technical Description, Third Party Advisory
References (MISC) https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c - (MISC) https://github.com/0xdea/exploits/blob/master/solaris/raptor_dtprintcheckdir_intel.c - Exploit, Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.8
First Time Common Desktop Environment Project Common Desktop Environment
Oracle
Oracle solaris
Common Desktop Environment Project
CWE CWE-120
CPE cpe:2.3:a:common_desktop_environment_project:_common_desktop_environment:-:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*

31 Oct 2022, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-10-31 21:15

Updated : 2024-04-11 01:16

NVD link : CVE-2022-43752

Mitre link : CVE-2022-43752

CVE.ORG link : CVE-2022-43752

JSON object : View

Products Affected

oracle

  • solaris

common_desktop_environment_project

  • _common_desktop_environment
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')