It was discovered that the Perl Encode library incorrectly handled paths. A local attacker could possibly use this issue to trick the library into executing arbitrary code from the current working directory.
Continue reading...
Continue reading...