Unrated severityNVD Advisory· Published Aug 7, 2005· Updated Jun 16, 2026
CVE-2005-2482
CVE-2005-2482
Description
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.
Affected products
6cpe:2.3:a:metasploit:metasploit_framework:2.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:metasploit:metasploit_framework:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:metasploit:metasploit_framework:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:metasploit:metasploit_framework:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:metasploit:metasploit_framework:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:metasploit:metasploit_framework:2.4:*:*:*:*:*:*:*
- (no CPE)range: <=2.4
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.