CVE-2019-13637

Name of the Vulnerable Software and Affected Versions LogMeIn join.me versions prior to 3.16.0.5505

Description The issue arises from unsafe search paths used by the application URI defined in Windows, allowing an attacker to execute arbitrary commands on a targeted system. This can be exploited by convincing a user to follow a malicious link, which could cause the application to load libraries from a targeted directory. If an attacker can place a crafted library in an accessible directory, they could execute arbitrary commands with the privileges of the targeted user.

Recommendations For versions prior to 3.16.0.5505, update to version 3.16.0.5505 or later to resolve the issue.