VULHUB ™

CDE is the Common Desktop Environment. It is distributed with several versions of the UNIX Operating System, and maintained by various vendors. It is possible to execute arbitrary code through the dtprintinfo program. When the dtprintinfo program is executed, a help menu is supplied via the desktop. By using this help menu, and performing a volume search with a string of arbitrary length, it is possible to cause a buffer overflow that could be used to overwrite stack variables, including the return address.

CDE is the Common Desktop Environment. It is distributed with several versions of the UNIX Operating System, and maintained by various vendors. It is possible to execute arbitrary code through the dtprintinfo program. When the dtprintinfo program is executed, a help menu is supplied via the desktop. By using this help menu, and performing a volume search with a string of arbitrary length, it is possible to cause a buffer overflow that could be used to overwrite stack variables, including the return address.