Arbitrary Command Execution via Crafted Image Name in Shutter

Arbitrary Command Execution via Crafted Image Name in Shutter

CVE-2015-0854 · HIGH Severity

AV:N/AC:M/AU:N/C:C/I:C/A:C

App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.

Learn more about our User Device Pen Test.