PT-2014-4331 · Jetro · Jetro Cockpit Secure Browsing

Published: 2014-02-18 · Updated: 2014-02-21 · CVE-2014-1861

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Jetro COCKPIT Secure Browsing (JCSB) versions 4.3.1 through 4.3.3

Description
The client in Jetro COCKPIT Secure Browsing (JCSB) fails to validate the FileName element in an RDP FILE TRANSFER document. This allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.

Recommendations
For Jetro COCKPIT Secure Browsing (JCSB) versions 4.3.1 through 4.3.3, consider disabling the handling of RDP FILE TRANSFER documents until a patch is available to prevent remote execution of arbitrary programs.

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2014-1861

Affected Products

Jetro Cockpit Secure Browsing