CVE-2012-4463

Description

Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

How to fix CVE-2012-4463

To remediate CVE-2012-4463, upgrade the affected package to a fixed version below.

• Debian/mc—upgrade to 3:4.8.8-1 or later

Is CVE-2012-4463 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 3:4.8.8-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-4463