ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.
References
| Link | Resource |
|---|---|
| https://gist.github.com/dgl/05ca60cdc7efc9e47bbc58d0c952635e | Third Party Advisory |
| https://github.com/cmderdev/cmder/blob/master/CHANGELOG.md | Release Notes |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-03-28T00:00:00
Updated: 2023-03-28T00:00:00
Reserved: 2022-12-04T00:00:00
Link: CVE-2022-46387
NVD Information
Status: Analyzed
Published: 2023-03-28T20:15:10.940
Modified: 2023-10-05T14:14:41.140
Link: CVE-2022-46387
Red Hat Information
No data.
CWE