CVE-2010-1039

critical HPE
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
22.3%
Exploitation probability in 30 days
Top 4% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: May 20, 2010 (5838 days ago)
Last Modified: April 29, 2026
Vendor: HPE
Source: NVD

Description

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

CWE

CWE-134

Affected Products

hp nfs\/oncplusibm aixibm viossgi irix

References

🔗 aix.software.ibm.com 🔗 marc.info 🔗 osvdb.org 🔗 secunia.com 🔗 secunia.com