Alexander Larsson reports that some versions of gnome-vfs and
MidnightCommander contain a number of `extfs’ scripts that do not
properly validate user input. If an attacker can cause her
victim to process a specially-crafted URI, arbitrary commands
can be executed with the privileges of the victim.