Arbitrary Command Execution via URL in xpdf PDF Viewer Client (CVE-XXXX-XXXX)

Arbitrary Command Execution via URL in xpdf PDF Viewer Client (CVE-XXXX-XXXX)

CVE-2000-0727 · HIGH Severity

AV:N/AC:H/AU:N/C:C/I:C/A:C

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

Learn more about our Web App Pen Testing.