CVE-2017-17528

Name of the Vulnerable Software and Affected Versions ScummVM version 1.9.0

Description The issue concerns the failure to validate strings before launching a program specified by the BROWSER environment variable. This could allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For ScummVM version 1.9.0, consider disabling the use of the BROWSER environment variable until a patch is available to prevent potential argument-injection attacks. Restrict access to the posix.cpp file to minimize the risk of exploitation. Avoid using the BROWSER environment variable in the affected posix.cpp file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.