CVE-2017-17533

Name of the Vulnerable Software and Affected Versions Tkabber version 1.1

Description The issue concerns the default.tcl script in Tkabber, which fails to validate strings before launching a program specified by the BROWSER environment variable. This could potentially allow remote attackers to conduct argument-injection attacks via a crafted URL. However, it has been noted that the attack might not be possible due to the argument-parsing behavior of the Tcl exec function.

Recommendations For Tkabber version 1.1, consider validating strings before launching the program specified by the BROWSER environment variable to prevent potential argument-injection attacks. As a temporary workaround, restrict the use of the BROWSER environment variable until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.