CVE-2006-7234
published 2008-10-27CVE-2006-7234: Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files…
PriorityP421medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
0.88%
54.6th percentile
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | lynx | — | — |
| lynx | lynx | <= 2.8.6 | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
| lynx | lynx | — | — |
CVSS provenance
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
vendor_debian4.6LOW
vendor_redhat4.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
lynx: .mailcap and .mime.types files read from CWD
vendor_redhat·2006-10-03·CVSS 4.6
CVE-2006-7234 [MEDIUM] lynx: .mailcap and .mime.types files read from CWD
lynx: .mailcap and .mime.types files read from CWD
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
Debian
CVE-2006-7234: lynx - Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users...
vendor_debian·2006·CVSS 4.6
CVE-2006-7234 [MEDIUM] CVE-2006-7234: lynx - Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users...
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-cg3w-xm4w-x9rw: Untrusted search path vulnerability in Lynx before 2
ghsa_unreviewed·2022-05-01
CVE-2006-7234 [MEDIUM] GHSA-cg3w-xm4w-x9rw: Untrusted search path vulnerability in Lynx before 2
Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory.
No detection rules found.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlhttp://secunia.com/advisories/32407http://secunia.com/advisories/32416http://secunia.com/advisories/33568http://www.mandriva.com/security/advisories?name=MDVSA-2008:217http://www.openwall.com/lists/oss-security/2008/10/25/3http://www.redhat.com/support/errata/RHSA-2008-0965.htmlhttp://www.securityfocus.com/bid/31917http://www.securitytracker.com/id?1021107https://bugzilla.redhat.com/show_bug.cgi?id=214205https://exchange.xforce.ibmcloud.com/vulnerabilities/46132https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=396949http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.htmlhttp://secunia.com/advisories/32407http://secunia.com/advisories/32416http://secunia.com/advisories/33568http://www.mandriva.com/security/advisories?name=MDVSA-2008:217http://www.openwall.com/lists/oss-security/2008/10/25/3http://www.redhat.com/support/errata/RHSA-2008-0965.htmlhttp://www.securityfocus.com/bid/31917http://www.securitytracker.com/id?1021107https://bugzilla.redhat.com/show_bug.cgi?id=214205https://exchange.xforce.ibmcloud.com/vulnerabilities/46132https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9719
2008-10-27
Published