Vulnerability Report

CVE-2008-0047

RCE

Title: Cups RCE

RCE

Proof Of Concept

No public PoC currently indexed for CVE-2008-0047.

CWE Category CWE-119

Published Date Mar 18, 2008

Modified Date Apr 09, 2025

Exploit Status Not Found

Score 9.3 CVSS v2.0

Exploit Probability (EPSS)

25.28%

Vulnerability Summary

CVE-2008-0047: Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.

Impacted Vendors

cups 1

easy_software_products 1

Reference Links

http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29431 http://secunia.com/advisories/29448 http://secunia.com/advisories/29485 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 http://secunia.com/advisories/29634 http://secunia.com/advisories/29655 http://secunia.com/advisories/29750 http://security.gentoo.org/glsa/glsa-200804-01.xml http://www.debian.org/security/2008/dsa-1530 http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 http://www.redhat.com/support/errata/RHSA-2008-0192.html http://www.securityfocus.com/bid/28307 http://www.securitytracker.com/id?1019646 http://www.ubuntu.com/usn/usn-598-1 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0921/references http://www.vupen.com/english/advisories/2008/0924/references https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=674 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00005.html http://secunia.com/advisories/29420 http://secunia.com/advisories/29431 http://secunia.com/advisories/29448 http://secunia.com/advisories/29485 http://secunia.com/advisories/29573 http://secunia.com/advisories/29603 http://secunia.com/advisories/29634 http://secunia.com/advisories/29655 http://secunia.com/advisories/29750 http://security.gentoo.org/glsa/glsa-200804-01.xml http://www.debian.org/security/2008/dsa-1530 http://www.mandriva.com/security/advisories?name=MDVSA-2008:081 http://www.redhat.com/support/errata/RHSA-2008-0192.html http://www.securityfocus.com/bid/28307 http://www.securitytracker.com/id?1019646 http://www.ubuntu.com/usn/usn-598-1 http://www.us-cert.gov/cas/techalerts/TA08-079A.html http://www.vupen.com/english/advisories/2008/0921/references http://www.vupen.com/english/advisories/2008/0924/references https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10085 https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00091.html https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00105.html

CVSS v2.0

Source Entity [email protected]

Severity HIGH

9.3

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:M/Au:N/C:C/I:C/A:C

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2008-0047 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

April 09, 2025 MODIFIED

Vulnerability data or affected products updated.

March 18, 2008 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A

Complexity N/A

Privileges N/A

Interaction NONE

CVSS Vector String


                                    AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected Stack

No specific products linked.