[原文]OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.
FirstClass Client Bookmark Files Arbitrary Program Execution
Local Access Required,
Remote / Network Access
Loss of Integrity
OpenText FirstClass contains a flaw that may allow an attacker to execute arbitrary files. The issue is due to a lack of restrictions on bookmark URIs. This may allow an attacker to link to a file on a remote host which will be executed by the vulnerable client.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery is credited to dila <email@example.com>.
Centrinity FirstClass Desktop Client 8.0
FirstClass client is reported prone to a vulnerability that may allow remote attackers to cause local arbitrary files to be executed.
An unspecified field in the FirstClass bookmark management window is not properly sanitized for user-supplied input and URI input can be passed to the Windows ShellExecute API.
This may be a serious issue if through other means the attacker can cause a malicious file to be placed on the client filesystem and later execute it.
FirstClass 8.0 is reported vulnerable to this issue.
An exploit is not required.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.