Security Advisory

CVE-2014-1861

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-02-18 11:00:00

Last updated 2024-08-06 09:58:14

Assigner mitre

State PUBLISHED

Description

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.

← Browse all CVEs View on cve.org ↗