
GNOME.Many.Products.SetArgv.Command.Execution

Release Date

May 22, 2009

Severity

medium

Impact

System compromise

Description

This indicates an attack attempt against a command-execution vulnerability in GNOME Dia.

The vulnerability is caused by an error in how the vulnerable software handles an empty search path. It allows a remote attacker to execute arbitrary commands by sending a malicious zip file.

Affected Products

Dia 0.96.1

Recommended Actions

Upgrade to Dia 0.96.1-7.1

Coverage

IPS
VCM

Common Vulnerabilities and Exposures (CVE)

CVE-2009-0314
CVE-2008-5984

Reference/s

http://www.securityfocus.com/bid/33448 (BugTraq)
http://www.securityfocus.com/bid/33445 (BugTraq)

Reference: VID-17427