Xfce · Xfce Terminal · CVE-2007-3770
Name of the Vulnerable Software and Affected Versions:
Xfce Terminal version 0.2.6
terminal versions prior to 0.2.6 p25931
Description:
The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link. This can be demonstrated using the "Open Link" functionality. Exploitation of this issue may lead to a violation of confidentiality and integrity of protected information and can be carried out remotely.
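The contrast below is an added C example, not code from Xfce Terminal or from this advisory: it shows why a link spliced into a shell command line is parsed as commands, while the same link passed as a single argv element reaches the helper as plain data. The function names are hypothetical, `echo` stands in for the link helper, and the link is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run argv[0] directly (no shell), capture stdout; exit status or -1. */
static int run_capture(char *const argv[], char *out, size_t cap)
{
    int fd[2], status;
    if (pipe(fd) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fd[0]); close(fd[1]); return -1; }
    if (pid == 0) {                 /* child: stdout -> pipe, then exec */
        dup2(fd[1], STDOUT_FILENO);
        close(fd[0]); close(fd[1]);
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fd[1]);
    size_t n = 0; ssize_t r;
    while (n < cap - 1 && (r = read(fd[0], out + n, cap - 1 - n)) > 0) n += (size_t)r;
    out[n] = '\0'; close(fd[0]);
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

/* Vulnerable pattern: the link is spliced into a string that /bin/sh parses. */
int open_link_shell(const char *helper, const char *link, char *out, size_t cap)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "%s %s", helper, link);
    if (n < 0 || (size_t)n >= sizeof cmd) return -1;
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };
    return run_capture(argv, out, cap);
}

/* Hardened pattern: the link is exactly one argv element; no shell sees it. */
int open_link_argv(const char *helper, const char *link, char *out, size_t cap)
{
    char *argv[] = { (char *)helper, (char *)link, NULL };
    return run_capture(argv, out, cap);
}

int main(void)
{
    char a[256] = "", b[256] = "";
    const char *link = "http://example.test/;echo INJECTED"; /* constructed */
    open_link_shell("echo", link, a, sizeof a); open_link_argv("echo", link, b, sizeof b);
    return printf("shell:\n%sargv:\n%s", a, b) < 0;
}
```

In the shell variant the text after `;` runs as a second command, so the helper never sees the full link; in the argv variant the helper receives the link byte for byte.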
Recommendations:
For Xfce Terminal version 0.2.6, consider disabling the `terminal_helper_execute` function as a temporary workaround until a patch is available.
For terminal versions prior to 0.2.6 p25931, restrict access to the "Open Link" functionality to minimize the risk of exploitation.