CVE-2003-0064

IRIX - Command Injection via dtterm Window Title Escape Sequence

Title source: llm
STIX 2.1

Description

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

References (5)

Core 5
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=104612710031920&w=2
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/advisories/6236
Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/11414.php
Vendor Advisory mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6942

Scores

EPSS 0.0087
EPSS Percentile 75.5%

Details

Status published
Products (50)
hp/hp-ux 10.20
hp/hp-ux 10.24
hp/hp-ux 10.26
hp/hp-ux 10.30
hp/hp-ux 10.34
hp/hp-ux 11.00
hp/hp-ux 11.04
hp/hp-ux 11.11
hp/hp-ux 11.20
hp/hp-ux 11.22
... and 40 more
Published Mar 03, 2003
Tracked Since Feb 18, 2026