https://bugs.winehq.org/show_bug.cgi?id=40347 Bug ID: 40347 Summary: unmount uses unsafe system() Product: Wine Version: unspecified Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs(a)winehq.org Reporter: cpicard(a)openmailbox.org Distribution: --- Created attachment 54037 --> https://bugs.winehq.org/attachment.cgi?id=54037 eject source file DIR_unmount_device from wine/dlls/ntdll/directory.c doesn't sanitize its input leading to a possible command execution by unmounting a device mounted on a malicious path. To reproduce (from Michael Müller): $ mkdir "a;xterm" $ mount "a;xterm" $ ./eject # launches xterm where eject is built from the attached code. -- Do not reply to this email, post in Bugzilla using the above URL to reply. You are receiving this mail because: You are watching all bug changes.