NuytsTech Security

CVE-2008-2575

by ·

cbrPager before 0.9.17 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a (1) ZIP (aka .cbz) or (2) RAR (aka .cbr) archive filename.

Date published : 2008-06-06

http://cvs.fedoraproject.org/viewcvs/rpms/cbrpager/devel/cbrpager-0.9.16-filen-shell-escaping.patch?rev=1.2

http://sourceforge.net/forum/forum.php?forum_id=827120

Tags: