CVE-2016-10670

Name of the Vulnerable Software and Affected Versions windows-seleniumjar-mirror (affected versions not specified)

Description The issue allows for potential remote code execution (RCE) due to the insecure download of binary resources over HTTP, making it vulnerable to man-in-the-middle (MITM) attacks. If an attacker is on the network or positioned between the user and the remote server, they may be able to swap out the requested resources with an attacker-controlled copy. This could result in code execution on the system running the affected software.

Recommendations To mitigate this issue, download the selenium jar file manually from the official source. Alternatively, reduce the risk of exploitation by avoiding installation of the package while connected to a public network, thus limiting potential attackers to those with privileged access to your private network. At the moment, there is no information about a newer version that contains a fix for this vulnerability.