CVE-2009-0917

Name of the Vulnerable Software and Affected Versions DFLabs PTK versions 1.0.0 through 1.0.4

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by providing a forensic image containing HTML documents. These documents are rendered in web browsers during inspection by PTK. The vendor notes that the product is intended for use in a laboratory with no internet contact.

Recommendations For DFLabs PTK versions 1.0.0 through 1.0.4, consider restricting the rendering of HTML documents from forensic images to minimize the risk of exploitation until a patch is available.