PT-2003-1061 · Gnome · Vte-Devel+1

Daniel Ahlberg · Published 2003-02-24 · Updated 2016-10-18 · CVE-2003-0070

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

vte versions 0.8.19
vte-devel versions 0.8.19

Description

The issue allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal. This could enable the attacker to execute arbitrary commands, for example, when the user views a file containing the malicious sequence. Exploitation of this issue can be done remotely and may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations

For vte version 0.8.19, consider disabling the use of character escape sequences in the terminal emulator until a patch is available. For vte-devel version 0.8.19, restrict the insertion of modified window titles back into the command line to minimize the risk of exploitation.
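
One way to reduce exposure when viewing untrusted files in an affected terminal, shown as an added example (not part of the original advisory or the vte project): render every control character as visible text so the emulator never interprets an escape sequence, and report where each one occurred. The function names and the sample bytes are constructed for illustration.

```python
"""Neutralize terminal control characters in untrusted data before display."""

def is_control(cp: int) -> bool:
    # C0 controls, DEL, and C1 controls (U+0080-U+009F), which some
    # emulators treat as 8-bit equivalents of ESC-prefixed sequences.
    return cp < 0x20 or cp == 0x7F or 0x80 <= cp <= 0x9F

def visible(cp: int) -> str:
    # Caret notation for C0 (ESC -> "^["), "^?" for DEL, hex escape for C1.
    if cp < 0x20:
        return "^" + chr(cp + 0x40)
    return "^?" if cp == 0x7F else "\\x%02x" % cp

def neutralize(data: bytes):
    """Return (safe_text, findings); findings are (line, column, shown_as)."""
    # Invalid UTF-8 (including lone 0x80-0x9f bytes) becomes U+FFFD,
    # so raw 8-bit controls cannot reach the terminal either.
    text = data.decode("utf-8", errors="replace")
    out, findings = [], []
    line, col = 1, 0
    for ch in text:
        col += 1
        if ch == "\n":
            out.append(ch)
            line, col = line + 1, 0
        elif ch == "\t" or not is_control(ord(ch)):
            out.append(ch)
        else:
            shown = visible(ord(ch))
            out.append(shown)
            findings.append((line, col, shown))
    return "".join(out), findings

# Constructed sample: the sequence body is a placeholder, not a real sequence.
SAMPLE = (b"status: ok\n"
          b"readme \x1b<placeholder>\x07 end\n"
          b"caf\xc3\xa9\t\xc2\x9b!\r\n")

if __name__ == "__main__":
    safe, found = neutralize(SAMPLE)
    print(safe, end="")
    for line, col, shown in found:
        print(f"control character {shown} at line {line}, column {col}")
```

Only tab and newline pass through unchanged; a carriage return is shown as ^M, so a file cannot use it to overwrite text already printed on the line.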

Related Identifiers

BDU:2015-07916
BDU:2015-07917
CVE-2003-0070

Affected Products

Vte
Vte-Devel