Users of iOffice please be advised of a command execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
iOffice-SA-07/17/2010: iOffice 0.1 command execution vulnerability
Office 0.1
iOffice 0.1 is vulnerable because it does not sanitize user input. It seems
to be modular because none of the scripts are exactly the same on ones I've
run across, but they all seem to be vulnerable. Command execution is
possible.Read more at www.criticalwatch.com
See this Amp at http://bit.ly/9Sjbqa
No comments:
Post a Comment