GTK+ Arbitrary Loadable Module Execution Vulnerability

GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user to gain elevated privileges.

The problem lies in the toolkit's ability to load modules named in the GTK_MODULES environment variable. The variable can specify a path to modules that are not part of the GTK+ package, so a custom-crafted module can be loaded by the toolkit. Once loaded by the toolkit, the module is executed. This issue makes it possible for a user with malicious intent to potentially gain elevated privileges, overwrite system files, or execute arbitrary and potentially dangerous code.
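A defensive check for the condition described above, as an added example that is not code from GTK+ or from this advisory: a program that runs with IDs different from the invoking user's drops GTK_MODULES before the toolkit reads the environment, and a loader that must still accept modules checks each path first. The function names are hypothetical, and the assumption that the affected programs are setuid/setgid is ours, not the advisory's.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if real and effective IDs differ (setuid/setgid
 * execution), meaning the environment comes from a less privileged user. */
int running_privileged(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid != euid || rgid != egid;
}

/* Hypothetical helper: accept a module only if it is an absolute path to a
 * regular file owned by root and not writable by group or others. */
int module_path_trusted(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return 0;   /* relative paths resolve against the caller's cwd */
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;   /* missing, unreadable, or not a regular file */
    if (st.st_uid != 0 || (st.st_mode & (S_IWGRP | S_IWOTH)))
        return 0;   /* replaceable by someone other than root */
    return 1;
}

/* Remove GTK_MODULES when running privileged.
 * Returns 1 if the variable was present and removed, 0 otherwise. */
int scrub_gtk_modules(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    if (!running_privileged(ruid, euid, rgid, egid))
        return 0;
    if (getenv("GTK_MODULES") == NULL)
        return 0;
    unsetenv("GTK_MODULES");
    return 1;
}

int main(void)
{
    /* Call before any toolkit initialisation reads the environment. */
    scrub_gtk_modules(getuid(), geteuid(), getgid(), getegid());
    return 0;
}
```

The path check does not inspect the permissions of parent directories, so it is a minimum bar rather than a complete trust decision.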


Copyright 2010, SecurityFocus