Exploitation Summary
EIP tracks 1 public exploit for CVE-2003-1308. PoCs published by auto22238.
AI-analyzed exploit summary This exploit demonstrates a command execution vulnerability in FVWM's fvwm-menu-directory component by creating a maliciously named file that triggers arbitrary command execution when processed by FVWM.
Description
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by auto22238 · textlocallinux
https://www.exploit-db.com/exploits/23414
This exploit demonstrates a command execution vulnerability in FVWM's fvwm-menu-directory component by creating a maliciously named file that triggers arbitrary command execution when processed by FVWM.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
FVWM versions 2.14.17 and 2.5.8
No auth needed
Prerequisites:
Write permissions to a directory monitored by FVWM's menu system
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Various Sources x_refsource_confirm
http://www.fvwm.org/news/
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9161
Scores
EPSS
0.0132
EPSS Percentile
67.6%
Details
Status
published
Products (1)
fvwm/fvwm
< 2.4.17
Published
Dec 31, 2003
Tracked Since
Feb 18, 2026