CVE-2003-0066

2004-09-0104:00:00

[email protected]

web.nvd.nist.gov

rxvt

terminal emulator

security vulnerability

arbitrary commands

window title

character escape sequence

cve-2003-0066

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.7%

JSON

The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user’s terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Affected configurations

NVD

Node

rxvtrxvtMatch2.6.1

rxvtrxvtMatch2.6.2

rxvtrxvtMatch2.6.3

rxvtrxvtMatch2.6.4

rxvtrxvtMatch2.7.5

rxvtrxvtMatch2.7.6

rxvtrxvtMatch2.7.7

rxvtrxvtMatch2.7.8

CPENameOperatorVersion
rxvt:rxvtrxvteq2.6.1
rxvt:rxvtrxvteq2.6.2
rxvt:rxvtrxvteq2.6.3
rxvt:rxvtrxvteq2.6.4
rxvt:rxvtrxvteq2.7.5
rxvt:rxvtrxvteq2.7.6
rxvt:rxvtrxvteq2.7.7
rxvt:rxvtrxvteq2.7.8

CPE	Name	Operator	Version
rxvt:rxvt	rxvt	eq	2.6.1
rxvt:rxvt	rxvt	eq	2.6.2
rxvt:rxvt	rxvt	eq	2.6.3
rxvt:rxvt	rxvt	eq	2.6.4
rxvt:rxvt	rxvt	eq	2.7.5
rxvt:rxvt	rxvt	eq	2.7.6
rxvt:rxvt	rxvt	eq	2.7.7
rxvt:rxvt	rxvt	eq	2.7.8