XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
Affected Software
| Name | Vendor | Start Version | End Version |
| --- | --- | --- | --- |
| Exo | Xfce | * | 4.16.4 (excluding) |
| Exo | Xfce | 4.17.0 (including) | 4.17.2 (excluding) |
References