Computer Security


Jetro Cockpit Secure Browsing code execution
Published: 05.05.2014
Source:
SecurityVulns ID: 13744
Type: client
Threat Level: 5/10
Description: Code execution via print-to-PDF function.
Affected: JETROCOCKPIT : Jetro COCKPIT Secure Browsing 4.3
CVE: CVE-2014-1861 (The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.)
Original document: Ronen Z, Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE (05.05.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod