CVE-2006-5925

Links/Elinks <1.00pre12-0.9.2 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-5925. PoCs published by Teemu Salmela.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Links and ELinks browsers by embedding malicious 'smb' commands in an HTML anchor tag. When clicked, it executes arbitrary commands via 'smbclient' if installed on the victim's system.

Description

Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Teemu Salmela · htmlremotelinux
https://www.exploit-db.com/exploits/29033

This exploit leverages a command injection vulnerability in Links and ELinks browsers by embedding malicious 'smb' commands in an HTML anchor tag. When clicked, it executes arbitrary commands via 'smbclient' if installed on the victim's system.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Links 1.00pre12, ELinks 0.11.1
No auth needed
Prerequisites: 'smbclient' installed on the target system · Victim interaction (clicking the malicious link)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Teemu Salmela · htmlremotemultiple
https://www.exploit-db.com/exploits/2784

This exploit leverages a command injection vulnerability in the Links web browser (version 1.00pre12) by crafting a malicious SMB URL. The flaw in smb.c allows arbitrary command execution via smbclient, enabling file exfiltration or upload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Links web browser 1.00pre12
No auth needed
Prerequisites: smbclient installed on victim system · victim uses Links browser to visit malicious page
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (28)

Core 28
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22920
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0742.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22923
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22905
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017233
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200612-16.xml
Vendor Advisory vendor-advisory x_refsource_trustix
http://www.trustix.org/errata/2007/0005
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451870/100/200/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23467
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24005
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11213
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23188
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1240
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23234
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2006/dsa-1228
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017232
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_27_sr.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30299
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24054
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23132
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21082
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=116355556512780&w=2
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2006/dsa-1226
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDKSA-2006:216
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23389
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23022
Third Party Advisory vendor-advisory x_refsource_gentoo
http://www.gentoo.org/security/en/glsa/glsa-200701-27.xml
Issue Tracking x_refsource_confirm
http://bugzilla.elinks.cz/show_bug.cgi?id=841

Scores

EPSS 0.0805
EPSS Percentile 94.0%

Details

Status published
Products (2)
elinks/elinks 0.9.2
links/links 1.00pre12
Published Nov 15, 2006
Tracked Since Feb 18, 2026