Agentmisterious

**Name of the Vulnerable Software and Affected Versions** ADB Explorer versions prior to Beta 0.9.26022 **Description** ADB Explorer, a fluent UI for ADB on Windows, allows manipulation of the `ManualAdbPath` settings variable. This variable defines the path to the ADB binary. Setting this variable to a Universal Naming Convention (UNC) path allows an attacker to point the binary to a remote network resource under their control. Successful exploitation grants the attacker full control over the executed binary, potentially enabling remote code execution on the victim's machine with the privileges of the user running the application. This is achievable by tricking a victim into running a shortcut of the application that references a custom `App.txt` settings file, which sets the `ManualAdbPath`. **Recommendations** Update to version Beta 0.9.26022 or later.

**Name of the Vulnerable Software and Affected Versions** ADB Explorer versions 0.9.26020 and below **Description** ADB Explorer versions 0.9.26020 and below do not properly validate the integrity or authenticity of the ADB binary path specified in the `ManualAdbPath` setting before execution. This can lead to arbitrary code execution with the privileges of the current user. An attacker can exploit this by creating a malicious `App.txt` settings file that points `ManualAdbPath` to an arbitrary executable and then convincing a user to launch the application with a command-line argument directing it to the malicious configuration directory. This could be achieved through social engineering, such as distributing a shortcut bundled with a crafted settings file in an archive, resulting in remote code execution upon application startup. **Recommendations** Versions prior to 0.9.26021 should be updated.