PT-2005-2065 · Opentext+1 · Opentext Firstclass+2

Dila

Published

2005-04-12

Updated

2017-07-11

CVE-2005-1045

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions OpenText FirstClass version 8.0

Description The issue arises from improper sanitization of strings before they are passed to the Windows ShellExecute API. This allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.

Recommendations For OpenText FirstClass version 8.0, consider disabling the use of UNC paths in bookmarks until a patch is available. Restrict access to the Windows ShellExecute API to minimize the risk of exploitation. Avoid using the bookmark feature with UNC paths in the affected version until the issue is resolved.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1045

Affected Products

Opentext Firstclass

Windows

Windows Shellexecute Api

PT-2005-2065 · Opentext+1 · Opentext Firstclass+2

CVE-2005-1045

Related Identifiers

Affected Products

References · 7