Apologies if this is the wrong place (thread or site) to post this; delete away if so of course...

When I came across this at work, my first thought was "crumbs, what an obscure piece of software, who on earth could have a use for such a thing outside NASA?"; the second was "...UMSF!"

So, there's a security vulnerability in the CDF library, which is apparently used in plenty of places outside NASA. An attacker would have to trick the victim into opening an evil CDF data file of some sort, e.g. by masquerading as a trusted source.

QUOTE
"CDF [1] is a common data format developed by the NASA Goddard Space Flight Center. [...] The CDF software package is used by hundreds of government agencies, universities, and private and commercial organizations as well as independent researchers on both national and international levels.

The CDF Library is vulnerable to a buffer overflow in the stack, which can be exploited by malicious remote attackers to compromise a user's system. [...]

There's a NASA advisory & fixed version here:
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html