Centrinity FirstClass Client Bookmark Window File Execution Vulnerability
BID:13079
Info
| Bugtraq ID: | 13079 |
| Class: | Input Validation Error |
| CVE: | CVE-2005-1045 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 09 2005 12:00AM |
| Updated: | Jul 12 2009 12:56PM |
| Credit: | Discovery is credited to dila <[email protected]>. |
| Vulnerable: | Centrinity FirstClass Desktop Client 8.0 |
| Not Vulnerable: | |
Discussion
The FirstClass client is reported prone to a vulnerability that may allow remote attackers to cause arbitrary local files to be executed.
An unspecified field in the FirstClass bookmark management window does not properly sanitize user-supplied input, so URI input can be passed to the Windows ShellExecute API.
This may be a serious issue if, through other means, the attacker can cause a malicious file to be placed on the client filesystem and later execute it.
FirstClass 8.0 is reported vulnerable to this issue.
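The defensive counterpart to the issue described above, as an added example (not code from FirstClass or from the original advisory): a scheme allowlist applied to a bookmark URL before it is handed to a shell launcher such as ShellExecute. The function names, the http/https-only policy, the length limit and the sample inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy: a bookmark may only open web URLs. */
static const char *const ALLOWED_SCHEMES[] = { "http", "https" };

/* Case-insensitive match of "<scheme>://" at the start of s.
   Returns the offset just past "://", or 0 when there is no match. */
static size_t match_scheme(const char *s, const char *scheme)
{
    size_t n = strlen(scheme);
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != scheme[i])
            return 0;
    return strncmp(s + n, "://", 3) == 0 ? n + 3 : 0;
}

/* Returns 1 only when url may be handed to the shell launcher
   (ShellExecute on Windows), 0 otherwise. */
int bookmark_url_is_safe(const char *url)
{
    size_t len = url ? strlen(url) : 0;
    if (len == 0 || len > 2048)
        return 0;
    /* Control characters, spaces, quotes and backslashes do not belong in
       a well-formed http(s) URL; this also rejects drive and UNC paths. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)url[i];
        if (c <= 0x20 || c == 0x7f || c == '"' || c == '\\')
            return 0;
    }
    for (size_t k = 0; k < sizeof ALLOWED_SCHEMES / sizeof *ALLOWED_SCHEMES; k++) {
        size_t off = match_scheme(url, ALLOWED_SCHEMES[k]);
        /* Conservative: the host must start with a letter or digit. */
        if (off != 0 && isalnum((unsigned char)url[off]))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one web URL, one local file URI. */
    const char *samples[] = { "https://example.com/page", "file:///C:/tmp/sample.exe" };
    for (size_t i = 0; i < 2; i++)
        printf("%s -> %s\n", samples[i], bookmark_url_is_safe(samples[i]) ? "open" : "refuse");
    return 0;
}
```

The check is deliberately stricter than URL syntax allows (for example, it refuses IPv6 literal hosts), which is the safer direction for a value that ends up at a shell launcher.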
Exploit / POC
An exploit is not required.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- FirstClass Product Page (Centrinity)