CVE-2008-1638 - Vulnerability Details - OpenCVE

Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nik Software Inc	Nik Sharpener Pro

Configuration 1 [-]

cpe:2.3:a:nik_software_inc:nik_sharpener_pro:2.0:*:inkjet:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/29586
http://www.kb.cert.org/vuls/id/124289
http://www.securityfocus.com/bid/27707
https://exchange.xforce.ibmcloud.com/vulnerabilities/41535

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-04-02T17:00:00

Updated: 2024-08-07T08:32:00.588Z

Reserved: 2008-04-02T00:00:00

Link: CVE-2008-1638

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-04-02T17:44:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-1638

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-03-28T00:00:00", "descriptions": [{"lang": "en", "value": "Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29586", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29586"}, {"name": "niksharpenerpro-plugin-insecure-permissions(41535)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41535"}, {"name": "VU#124289", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/124289"}, {"name": "27707", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/27707"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1638", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29586", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29586"}, {"name": "niksharpenerpro-plugin-insecure-permissions(41535)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41535"}, {"name": "VU#124289", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/124289"}, {"name": "27707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27707"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:32:00.588Z"}, "title": "CVE Program Container", "references": [{"name": "29586", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29586"}, {"name": "niksharpenerpro-plugin-insecure-permissions(41535)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41535"}, {"name": "VU#124289", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/124289"}, {"name": "27707", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/27707"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1638", "datePublished": "2008-04-02T17:00:00", "dateReserved": "2008-04-02T00:00:00", "dateUpdated": "2024-08-07T08:32:00.588Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nik_software_inc:nik_sharpener_pro:2.0:*:inkjet:*:*:*:*:*", "matchCriteriaId": "95D4CDF7-EF89-49C1-B943-D5D53E2CA4B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for plug-in files, which allows local users to gain privileges by replacing a plug-in with a Trojan horse."}, {"lang": "es", "value": "Nik Sharpener Pro, posiblemente 2.0, utiliza permisos world-writable para archivos plugin, lo que permite a usuarios locales obtener privilegios remplazando un plugin por un troyano."}], "id": "CVE-2008-1638", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-04-02T17:44:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29586"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/124289"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27707"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41535"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/29586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/124289"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27707"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41535"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}