CVE-2016-10691

Name of the Vulnerable Software and Affected Versions windows-seleniumjar (affected versions not specified)

Description The issue concerns the insecure download of binary resources over HTTP, making it susceptible to man-in-the-middle (MITM) attacks. This could potentially lead to remote code execution (RCE) if an attacker intercepts and replaces the requested resources with a malicious copy. The vulnerability can be exploited when an attacker has a privileged network position, allowing them to intercept the response and replace the executable with a malicious one, resulting in code execution on the system running the affected software.

Recommendations To mitigate the issue, consider avoiding the use of the windows-seleniumjar package until a patch is available. As an alternative, reduce the risk of exploitation by ensuring the package is not installed while connected to a public network. If the package is installed on a private network, minimize the risk by restricting access to the network and ensuring that only trusted individuals have privileged access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.