CVE
- Id
- 3364
- CVE No.
- CVE-2001-0551
- Status
- Candidate
- Description
- Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users to execute arbitrary code by copying text from the clipboard into the Help window.
- Phase
- Modified (20090302)
- Votes
- ACCEPT(2) Baker, Cole | MODIFY(1) Frech | NOOP(2) Foat, Wall | REVIEWING(2) Christey, Green
- Comments
- Christey> There is some overlap between CVE-2001-0551 and CVE-2001-0772. | CVE-2001-0551 describes a specific vulnerability in | dtprintinfo. HP acknowledges CVE-2001-0551 by stating | that the problem is fixed in HP:HPSBUX0105-151, which | is CVE-2001-0772. But CVE-2001-0772 is a vague advisory | that identifies other vulnerabilities (and vulnerability | types) besides CVE-2001-0551. Perhaps CVE-2001-0772 should | be RECAST to "remove" the reference to dtprintinfo and | leave the other vague descriptions. CVE-2001-0772 and | CVE-2001-0551 are very good examples of the problems that | CVE faces in being consistent with respect to the level of | abstraction, as documented in the CD:SF-CODEBASE, CD:SF-LOC, | and CD:VAGUE content decisions. | Baker> We should rewrite the candidate entry CVE-2001-0772 to address the other issues, and point the dtprintinfo issue to this entry. | Frech> XF:cde-dtprintinfo-bo(8034) | Christey> VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability | URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0036.html | BID:4630 | URL:http://www.securityfocus.com/bid/4630 | Christey> CALDERA:CSSA-2002-SCO.30 | Christey> COMPAQ:SSRT2405 | URL:http://www.securityfocus.com/advisories/5997 | BID:8888 | URL:http://www.securityfocus.com/bid/8888
