CVE-2006-7236

xterm - Remote Code Execution via Escape Sequences

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7236. PoCs published by Paul Szabo.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in xterm by embedding escape sequences in a log file. When the log is displayed in xterm, it executes arbitrary commands due to insufficient input validation.

Description

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paul Szabo · textremotelinux

https://www.exploit-db.com/exploits/32690

View Code ZIP pw:eip

This exploit leverages a command injection vulnerability in xterm by embedding escape sequences in a log file. When the log is displayed in xterm, it executes arbitrary commands due to insufficient input validation.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: xterm with patch 237

No auth needed

Prerequisites: Access to write a file that will be displayed in xterm

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33388

Vendor Advisory vendor-advisory x_refsource_ubuntu

https://usn.ubuntu.com/703-1/

Issue Tracking x_refsource_confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030

Issue Tracking x_refsource_confirm

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593

Scores

EPSS 0.0747

EPSS Percentile 93.7%

Details

CWE

CWE-16

Status published

Products (1)

invisible-island/xterm _nil_

Published Jan 02, 2009

Tracked Since Feb 18, 2026