PT-2012-5721 · Nomachine · No Machine Nx Web Companion

Published: 2012-09-19 · Updated: 2017-08-29 · CVE-2012-5003

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

No Machine NX Web Companion versions 3.x and earlier

Description

The issue arises from the improper verification of update authenticity in nxapplet.jar, allowing user-assisted remote attackers to execute arbitrary code. This can be achieved by crafting specific parameters, such as SiteUrl or RedirectUrl, to point to a malicious client.zip update file.

Recommendations

For No Machine NX Web Companion versions 3.x and earlier, consider restricting access to updates until a proper fix is applied, and avoid using the SiteUrl and RedirectUrl parameters with untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
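
The class of check whose absence the description reports, shown as an added example (not NoMachine's code and not part of the original advisory): an updater that accepts a SiteUrl/RedirectUrl-style value only from an allow-listed HTTPS origin and refuses a client.zip whose digest does not match a value shipped with the client. The origin `updates.example.com`, the pinned-digest scheme and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import io
import zipfile
from urllib.parse import urlsplit

# Hypothetical allow-list: the origin is an assumption, not a NoMachine endpoint.
TRUSTED_ORIGINS = {("https", "updates.example.com", 443)}

class UpdateRejected(Exception):
    """Raised when an update source or archive fails validation."""

def check_update_url(url):
    """Accept a SiteUrl/RedirectUrl-style value only for an allow-listed HTTPS origin."""
    try:
        parts = urlsplit(url)
        port = parts.port or {"https": 443, "http": 80}.get(parts.scheme)
    except ValueError as exc:
        raise UpdateRejected(f"malformed URL: {url!r}") from exc
    origin = (parts.scheme, (parts.hostname or "").lower(), port)
    if origin not in TRUSTED_ORIGINS:
        raise UpdateRejected(f"untrusted update origin: {origin}")
    return url

def verify_archive(data, pinned_sha256):
    """Compare the archive with a digest shipped with the client, then vet member paths."""
    digest = hashlib.sha256(data).hexdigest()
    if not hmac.compare_digest(digest, pinned_sha256.lower()):
        raise UpdateRejected("client.zip digest does not match pinned value")
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    for name in names:
        if name.startswith(("/", "\\")) or ".." in name.replace("\\", "/").split("/"):
            raise UpdateRejected(f"unsafe member path: {name!r}")
    return names

def make_sample_zip(members):
    """Build a constructed in-memory archive for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    good = make_sample_zip({"bin/nxclient": b"constructed sample payload"})
    print(verify_archive(good, hashlib.sha256(good).hexdigest()))
    print(check_update_url("https://updates.example.com/client.zip"))
```

The pinned digest only helps if it reaches the client through a channel the page parameters cannot influence, such as a manifest inside the signed applet; a digest fetched from the same URL as the archive provides no authenticity.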

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2012-5003

Affected Products

No Machine Nx Web Companion