2022-04-15 20:41:14
mitre
PUBLISHED
Notable before 1.9.0-beta.8 doesnt effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).