OpenText FirstClass 8.0 Client Arbitrary File Execution

From: dila (dilabox_at_gmail.com)
Date: 04/08/05

  • Next message: Marcus Meissner: "SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022)"
    Date: Fri, 8 Apr 2005 01:41:28 +0100
    To: "[L] bugtraq" <bugtraq@securityfocus.com>
    
    
    

    Product: OpenText FirstClass 8.0 Client
    Homepage: http://www.firstclass.com
    Platform: Microsoft Windows
    Description: Insufficient validation of user input allows arbitrary
    file execution

    FirstClass bookmark files allow the user to organise their web
    address's using the familiar FirstClass desktop environment. The
    vulnerable field has been highlighted in the attached screen dump. The
    URL text string is passed directly to the Windows ShellExecute API,
    which allows any local/network file to be executed when the bookmark
    is accessed.

    A similar issue affecting URL's in FirstClass RTF documents was
    apparently reported last year, but remains unpatched.

    Simply comparing the first seven characters of the input string to
    "http://" should be sufficient protection.

    - dila

    
    



  • Next message: Marcus Meissner: "SUSE Security Announcement: various KDE security problems (SUSE-SA:2005:022)"