You are here

CVE-2012-4463

Vincent (CVE) Danen's picture
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

Details Source

Mitre

Public Date

2012-09-28 00:00:00

Impact

Low

Bugzilla

CVE-2012-4463 mc: Improper sanitization of MC_EXT_SELECTED variable when viewing multiple files

Bugzilla ID

862 813

CVSS Status

draft

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 mc Not affected
Red Hat Enterprise Linux 5 mc Not affected