CVE-2003-0066

The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the users terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Affected Software

Name	Vendor	Start Version	End Version
Rxvt	Rxvt	2.6.1 (including)	2.6.1 (including)
Rxvt	Rxvt	2.6.2 (including)	2.6.2 (including)
Rxvt	Rxvt	2.6.3 (including)	2.6.3 (including)
Rxvt	Rxvt	2.6.4 (including)	2.6.4 (including)
Rxvt	Rxvt	2.7.5 (including)	2.7.5 (including)
Rxvt	Rxvt	2.7.6 (including)	2.7.6 (including)
Rxvt	Rxvt	2.7.7 (including)	2.7.7 (including)
Rxvt	Rxvt	2.7.8 (including)	2.7.8 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1	RedHat		*
Red Hat Enterprise Linux ES version 2.1	RedHat		*
Red Hat Enterprise Linux WS version 2.1	RedHat		*
Red Hat Linux 6.2	RedHat		*
Red Hat Linux 7.0	RedHat		*
Red Hat Linux 7.1	RedHat		*
Red Hat Linux 7.2	RedHat		*
Red Hat Linux 7.3	RedHat		*
Red Hat Linux Advanced Workstation 2.1	RedHat		*
Rxvt	Ubuntu	dapper	*
Rxvt	Ubuntu	devel	*
Rxvt	Ubuntu	edgy	*
Rxvt	Ubuntu	feisty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2003-0066
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References