linuxdcpp-team team mailing list archive

[Bug 1502650] [NEW] DC++ 0.851 - Arbitrary code execution

 

*** This bug is a security vulnerability ***

Private security bug reported:

Details and PoC:
http://kacperrybczynski.com/research/dcpp_851_arbitrary_code_execution/

By supplying an UNC path in the *.dcext plugin file or main/pm hub chat,
a remote file will be automatically downloaded, which can result in
arbitrary code execution.

** Affects: dcplusplus
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/1502650

Title:
  DC++ 0.851 - Arbitrary code execution

Status in DC++:
  New

To manage notifications about this bug go to:
https://bugs.launchpad.net/dcplusplus/+bug/1502650/+subscriptions
