Info

Disclosure

Apr 08, 2005

Discovery

Unknown

Dates

Exploit

Apr 08, 2005

Solution

Unknown

Description

OpenText FirstClass contains a flaw that may allow an attacker to execute arbitrary files. The issue is due to a lack of restrictions on bookmark URIs. This may allow an attacker to link to a file on a remote host which will be executed by the vulnerable client.

Classification

Location: Local Access Required, Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

OpenText Corporation

FirstClass Client for Windows

8.0

References

Security Tracker: 1013665
Bugtraq ID: 13079
Secunia Advisory ID: 14898
Related OSVDB ID: 15356 3442
ISS X-Force ID: 20032
CVE ID: 2005-1045 (see also: NVD)
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111323587931293&w=2
Other Advisory URL: http://osvdb.org/ref/15/15356-firstclass.png
http://osvdb.org/ref/15/15356-firstclass.txt
Vendor URL: http://www.firstclass.com/

Credit

dila - dilaboxgmail.com -

Direct URL: http://osvdb.org/15356