CVE-2017-17514
CVE-2017-17514 affects nip2 8.4.0: boxes.c does not validate strings before launching the program specified by BROWSER, potentially enabling argument-injection via a crafted URL. The description notes that the product may not actually use the BROWSER variable. Connected documents corroborate the ...