CVSS2
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
Percentile
10.1%
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment
variable is not set, which might allow local users to hijack X11
connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm,
multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios
require that the victim enters a command on the wrong machine.