DC++ 0.851 - Arbitrary code execution
Bug #1502650 reported by
Kacper
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
DC++ |
Fix Released
|
Medium
|
Unassigned |
Bug Description
Details and PoC: http://
By supplying an UNC path in the *.dcext plugin file or main/pm hub chat, a remote file will be automatically downloaded, which can result in arbitrary code execution.
Changed in dcplusplus: | |
status: | New → In Progress |
importance: | Undecided → Medium |
Changed in dcplusplus: | |
status: | In Progress → Fix Committed |
information type: | Private Security → Public |
To post a comment you must log in.
from what I understand by reading <http:// blogs.technet. com/b/srd/ archive/ 2015/02/ 10/ms15- 011-amp- ms15-014- hardening- group-policy. aspx>, this is well mitigated by the "UNC Hardened Access" feature that has been introduced.
"Even 3rd party applications and services can take advantage of this new feature without additional code changes; simply add the necessary configuration details in Group Policy. If a UNC Provider is able to establish a connection to the specified server that meets the required security properties, then the application/service will be able to open handles as normal; if not, opening handles would fail, thus preventing insecure access to the remote server."
on the actual issue (whether DC++ should allow clicking on UNC paths), I have no opinion - maybe people in local networks actually enjoy pasting links to files stored on some shared network server?
this would input from others, but from what I have gathered, the security issue has been fixed in Windows itself so I see no reason to block these links as they can have legit uses.