[EU-FOSSA] Fix a security issue: RCE via unsanitized command line in "Open containing folder"
Summary of the Issue: A remote code execution (RCE) vulnerability was found when a user opens a crafted containing folder in the command line. Code execution is possible by injecting a & followed by system commands into the name of the folder. Steps to reproduce: Download the attached archive on Windows: unzip_me.zip (F404758) Unzip it and navigate into it Open the txt file inside with Notepad++ Go to File -> Open containing folder -> cmd Impact statement: Successful exploitation of this vulnerability would allow an attacker to remotely execute arbitrary commands on the victim's computer.
This commit is contained in:
parent
fd32585c14
commit
0f936707a2
|
@ -90,7 +90,7 @@ void Notepad_plus::command(int id)
|
|||
|
||||
case IDM_FILE_OPEN_CMD:
|
||||
{
|
||||
Command cmd(TEXT("cmd /K cd /d $(CURRENT_DIRECTORY)"));
|
||||
Command cmd(TEXT("cmd /K cd /d \"$(CURRENT_DIRECTORY)\""));
|
||||
cmd.run(_pPublicInterface->getHSelf());
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -688,7 +688,7 @@ void FileBrowser::popupMenuCmd(int cmdID)
|
|||
if (::PathFileExists(path.c_str()))
|
||||
{
|
||||
TCHAR cmdStr[1024];
|
||||
wsprintf(cmdStr, TEXT("cmd /K cd /d %s"), path.c_str());
|
||||
wsprintf(cmdStr, TEXT("cmd /K cd /d \"%s\""), path.c_str());
|
||||
Command cmd(cmdStr);
|
||||
cmd.run(nullptr);
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue