Re: xpdf vulnerability - CAN-2003-0434
Date: Wed, 9 Jul 2003 22:36:40 +0200 (MEST) To: Andries.Brouwer@cwi.nl, firstname.lastname@example.org
>> A urlCommand like the default "netscape -remote 'openURL(%s)'"
>> is OK since the %s is protected by single quotes.
> How so? Consider an argument of
> '`rm -rf /tmp/test`'
xpdf already filters out single and double quotes, so
these do not occur in arguments.