J-Security Center

Title: Centrinity FirstClass Client Bookmark Window File Execution Vulnerability

Severity: HIGH

Description:

Centrinity FirstClass Desktop is a client application used to manage the FirstClass server.

FirstClass is reported prone to a vulnerability that may allow remote attackers to cause arbitrary local files to be executed. This issue results from an input validation error.

Specifically, the vulnerability presents itself when a remote attacker sends a specially crafted URI to a user and the user bookmarks the URI in FirstClass. An unspecified field in the FirstClass bookmark management window does not properly sanitize user-supplied input, so the URI can be passed to the Windows ShellExecute API. This can occur when the user accesses the URI after adding it as a bookmark.

This may be a serious issue if, through other means, the attacker can cause a malicious file to be placed on the client filesystem and later execute it.

FirstClass 8.0 is reported vulnerable to this issue.
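
One way a client could validate a bookmark target before it is handed to ShellExecute, as an added example that is not part of the original advisory and is not FirstClass code. The function name `bookmark_target_is_safe`, the http/https allowlist and the sample strings are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed allowlist; the advisory does not say which schemes are needed. */
static const char *const ALLOWED_SCHEMES[] = { "http", "https" };

/* True if the n bytes at s equal the lower-case scheme name, ignoring case. */
static int scheme_equals(const char *s, size_t n, const char *name)
{
    if (strlen(name) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != name[i])
            return 0;
    return 1;
}

/* Hypothetical pre-ShellExecute check: returns 1 only for scheme://host with
 * an allowed scheme, refusing bare paths, drive letters, UNC and file: URIs. */
int bookmark_target_is_safe(const char *target)
{
    if (target == NULL)
        return 0;
    /* Refuse control characters, spaces, quotes and backslashes anywhere. */
    for (const char *p = target; *p; p++)
        if ((unsigned char)*p <= 0x20 || *p == 0x7f || *p == '"' || *p == '\\')
            return 0;
    const char *colon = strchr(target, ':');
    if (colon == NULL || colon == target)
        return 0;
    /* Require "//" plus a host character after the scheme. */
    if (strncmp(colon + 1, "//", 2) != 0 || !isalnum((unsigned char)colon[3]))
        return 0;
    size_t n = (size_t)(colon - target);
    for (size_t i = 0; i < sizeof ALLOWED_SCHEMES / sizeof *ALLOWED_SCHEMES; i++)
        if (scheme_equals(target, n, ALLOWED_SCHEMES[i]))
            return 1;
    return 0;
}

int main(void)
{
    /* Constructed sample targets, not values from the advisory. */
    const char *samples[] = { "https://example.com/a", "file:///C:/x.exe", "notes.txt" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%s -> %d\n", samples[i], bookmark_target_is_safe(samples[i]));
    return 0;
}
```

The check fails closed: a target with no scheme, which the shell would otherwise resolve as a local file, is refused along with every scheme not on the list.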

Affected Products:

  • Centrinity FirstClass Desktop Client 8.0.0
