0f936707a2
Summary of the Issue: A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder. Steps to reproduce: Download the attached archive on Windows: unzip_me.zip (F404758) Unzip it and navigate into it Open the txt file inside with Notepad++ Go to File -> Open containing folder -> cmd Impact statement: Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer. |
||
|---|---|---|
| .. | ||
| bin | ||
| gcc | ||
| installer | ||
| misc/chameleon | ||
| scintilla.original.forUpdating | ||
| src | ||
| Test/FunctionList | ||
| visual.net | ||