Midnight Commander (mc) is a visual shell much like a file manager.
Shell escape bugs have been discovered in several of the mc vfs backend scripts. An attacker who is able to influence a victim to open a specially-crafted URI using mc could execute arbitrary commands as the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0494 to this issue.
Users of mc should upgrade to this updated package which contains backported patches and is not vulnerable to this issue.