Lucene search
HistoryOct 10, 2012 - 6:55 p.m.
CVE-2012-4463
cve-2012-4463
midnight commander
mc
remote code execution
user-assisted
nvd
7.3 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.
| CPE | Name | Operator | Version |
|---|---|---|---|
| midnight-commander:midnight_commander | midnight-commander midnight commander | eq | 4.8.5 |
References
Related
nessus
nessus
Fedora 18 : mc-4.8.6-2.fc18 (2012-19335)
2012-12-04 00:00:00
Fedora 17 : mc-4.8.6-2.fc17 (2012-19349)
2012-12-07 00:00:00
openvas
openvas
Fedora Update for mc FEDORA-2012-19349
2012-12-10 00:00:00
Fedora Update for mc FEDORA-2012-19349
2012-12-10 00:00:00
Gentoo Security Advisory GLSA 201402-18
2015-09-29 00:00:00
gentoo
gentoo
GNU Midnight Commander: User-assisted execution of arbitrary code
2014-02-20 00:00:00
prion
prion
Design/Logic Flaw
2012-10-10 18:55:00
fedora
fedora
[SECURITY] Fedora 18 Update: mc-4.8.6-2.fc18
2012-12-04 05:21:51
[SECURITY] Fedora 17 Update: mc-4.8.6-2.fc17
2012-12-07 03:27:01
ubuntucve
ubuntucve
CVE-2012-4463
2012-10-10 00:00:00
debiancve
debiancve
CVE-2012-4463
2012-10-10 18:55:00
7.3 High
AI Score
Confidence
Low
5.1 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
85.7%
Related for CVE-2012-4463