CVE-1999-1549 Information

Description

Lynx 2.x does not properly distinguish between internal and external HTML which may allow a local attacker to read a \secure\ hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user’s configuration file and execute commands.

Reference

http://marc.info/?l=bugtraq&m=94286509804526&w=2 http://www.securityfocus.com/bid/804