Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

OpenText FirstClass 8.0 Client Arbitrary File Execution
From: dila <dilabox () gmail com>
Date: Fri, 8 Apr 2005 01:41:28 +0100
Product: OpenText FirstClass 8.0 Client
Homepage: http://www.firstclass.com
Platform: Microsoft Windows
Description: Insufficient validation of user input allows arbitrary
file execution

FirstClass bookmark files allow the user to organise their web
address's using the familiar FirstClass desktop environment. The
vulnerable field has been highlighted in the attached screen dump. The
URL text string is passed directly to the Windows ShellExecute API,
which allows any local/network file to be executed when the bookmark
is accessed.

A similar issue affecting URL's in FirstClass RTF documents was
apparently reported last year, but remains unpatched.

Simply comparing the first seven characters of the input string to
"http://"; should be sufficient protection.

- dila

  By Date           By Thread  

Current thread:
  • OpenText FirstClass 8.0 Client Arbitrary File Execution dila (Apr 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]