[SECURITY ALERT] Kleopatra allows local users to execute arbitrary code
Hoàng Cường
hoangcuongflp at gmail.com
Thu Jan 28 04:59:01 GMT 2021
Hi Friend,
I discovered security vulnerabilities in Kleopatra , tested on Kleopatra
Version 3.1.8-gpg4win-3.1.10.latest update.
#sumary:
- Unquoted program path in Kleopatra allows local users to execute
arbitrary code, via execution and from a compromised folder.
#Description
- Kleopatra allows local users to execute arbitrary code. if file
C:\program.exe exists, it will be executed.
#Steps to Reproduce:
1. Copy exe file C:\program.exe
2. right-click on the file and choose Encrypt/Decrypt.
3. C:\program.exe will be executed.
#impact:
- I was tested on Kleopatra Version 3.1.8-gpg4win-3.1.10.
PoC
[image: image.png]
Thanks and Best regards,
#hoangcuongflp
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde/attachments/20210128/1ab81307/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 100054 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde/attachments/20210128/1ab81307/attachment-0001.png>
More information about the kde
mailing list