PT-2022-3524 · Exo+4

Igor Souza · Published 2022-06-08 · Updated 2023-05-21 · CVE-2022-32278

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: XFCE version 4.16

Description: The issue allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. This is related to errors in security settings in the exo application library of the XFCE desktop environment. Exploitation of the issue may allow a remote attacker to execute arbitrary code using a specially crafted .desktop file.

Recommendations: For XFCE version 4.16, to prevent executing possibly malicious .desktop files from online sources, consider updating to a version where this issue has been addressed, which includes changes to prevent the execution of .desktop files from sources like ftp:// or http://. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2040
ALT-PU-2022-2135
ALT-PU-2023-1842
BDU:2022-04307
CVE-2022-32278
DLA-3056-1
DSA-5164-1
MGASA-2022-0238
USN-6008-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Xfce
Exo