PT-2021-17766 · Clipper · Clipper

Xiaofen9

Published

2021-03-11

Updated

2021-03-17

CVE-2021-28134

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Clipper versions prior to 1.0.5

Description: The issue allows remote command execution. A remote attacker may send a crafted IPC message to the exposed vulnerable ipcRenderer IPC interface, which invokes the openExternal API.

Recommendations: For versions prior to 1.0.5, update to version 1.0.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the ipcRenderer IPC interface until a patch is available. Avoid using the openExternal API in the affected IPC interface until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2021-28134

Affected Products

Clipper

PT-2021-17766 · Clipper · Clipper

CVE-2021-28134

Related Identifiers

Affected Products

References · 9