Arbitrary Code Execution via Symlink Attack in GNOME Rhythmbox 0.13.3 and Earlier

Arbitrary Code Execution via Symlink Attack in GNOME Rhythmbox 0.13.3 and Earlier

CVE-2012-3355 · LOW Severity

AV:L/AC:L/AU:N/C:N/I:P/A:P

(1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory.

Learn more about our User Device Pen Test.