Base Score

HIGH7.8

CVE-2017-5330

ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated applications.

VectorLOCAL

Published Bycve@mitre.org

Published DateMar 27, 2017, 15:59

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

http://www.openwall.com/lists/oss-security/2017/01/10/2
http://www.securityfocus.com/bid/95349
https://bugs.kde.org/show_bug.cgi?id=374572
https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/
https://security.gentoo.org/glsa/201701-69

Base Score

HIGH7.8

Weakness Type (CWE):CWE-78

CVSS Metrics

Base Score

7.8

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

LOCAL

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH