| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Apr 11 12:18:30 2005 From: dilabox at gmail.com (dila) Subject: OpenText FirstClass 8.0 Client Arbitrary File Execution Product: OpenText FirstClass 8.0 Client Homepage: http://www.firstclass.com Platform: Microsoft Windows Description: Insufficient validation of user input allows arbitrary file execution FirstClass bookmark files allow the user to organise their web address's using the familiar FirstClass desktop environment. The vulnerable field has been highlighted in the attached screen dump. The URL text string is passed directly to the Windows ShellExecute API, which allows any local/network file to be executed when the bookmark is accessed. These bookmark files can also be set to "auto-open" if the user has sufficient privileges. A similar issue affecting URL's in FirstClass RTF documents was apparently reported last year, but remains unpatched. Simply comparing the first seven characters of the input string to "http://" should be sufficient protection. - dila -------------- next part -------------- A non-text attachment was scrubbed... Name: screen.png Type: image/png Size: 12471 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050411/928254ca/screen.png
Powered by blists - more mailing lists