CyberSec.Space Logo
返回 CVE 浏览器

CVE-2007-6531

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile35.68th
Published2008年1月9日
Last Modified2026年4月23日

Vulnerability Description

Stack-based buffer overflow in the Panel (xfce4-panel) component in Xfce before 4.4.2 might allow remote attackers to execute arbitrary code via Launcher tooltips. NOTE: a second buffer overflow (over-read) in the xfce_mkdirhier function was also reported, but it might not be exploitable for a crash or code execution, so it is not a vulnerability.

Affected Platforms (CPE)

📦
Xfce

Xfce

<= 4.4.1

References & Advisories

🔗 http://bugs.gentoo.org/show_bug.cgi?id=201289
🔗 http://bugs.gentoo.org/show_bug.cgi?id=201293
🔗 http://osvdb.org/43422
🔗 http://security.gentoo.org/glsa/glsa-200801-06.xml
🔗 http://www.vupen.com/english/advisories/2008/0080
🔗 http://www.xfce.org/documentation/changelogs/4.4.2
🔗 http://bugs.gentoo.org/show_bug.cgi?id=201289
🔗 http://bugs.gentoo.org/show_bug.cgi?id=201293

相关漏洞威胁

CVE-2007-653210.0

Double free vulnerability in the Widget Library (libxfcegui4) in Xfce before 4.4.2 might allow remote attackers to execute arbitra...

CVE-2007-37707.8

The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execut...

CVE-2009-46427.2

gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface to determine session idle time, even when an Xfce desktop suc...

CVE-2009-49967.2

Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier ...