CVE-2017-17534

Name of the Vulnerable Software and Affected Versions Mensis version 0.0.080507

Description The issue is related to the uiutil.c file in Mensis, which does not validate strings before launching a program specified by the BROWSER environment variable. This could allow remote attackers to conduct argument-injection attacks via a crafted URL.

Recommendations For Mensis version 0.0.080507, consider validating strings before launching the program specified by the BROWSER environment variable to prevent argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a patch is available.