Описание
Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.
Ссылки
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одновременно
EPSS
8.1 High
CVSS3
8.8 High
CVSS3
5.1 Medium
CVSS2
Дефекты
Связанные уязвимости
Improper input validation vulnerability in XPLATFORM's execBrowser method can cause execute arbitrary commands. IF the second parameter value of the execBrowser function is ‘default’, the first parameter value could be passed to the ShellExecuteW API. The passed parameter is an arbitrary code to be executed. Remote attackers can use this vulnerability to execute arbitrary remote code.
EPSS
8.1 High
CVSS3
8.8 High
CVSS3
5.1 Medium
CVSS2