
Uncontrolled search path

Open · Zero871015 opened this issue 4 years ago · 1 comment

Describe

If there is a file named "cmd.exe" in MeteoInfo's working directory, that file will be executed when MeteoInfo is run.

How To Reproduce

  1. Copy "calc.exe" to MeteoInfo's folder and rename it to "cmd.exe" (just for testing).
  2. Execute "MeteoInfoLab.exe".
  3. Your "calc.exe" (renamed to cmd.exe) is executed.

Here is a demo.

CVE-2019-17664

I was working on CVE-2019-17664, and it indicates that the problem is in Jython, not Ghidra. Jython has already raised an issue to fix it in the next version (Jython 2.7.3), but for now only 2.7.2 is available. I just want you to know about the Jython exploit; you can fix it yourself or wait for the Jython patch.

Environment

  • OS: Windows 10 x64
  • Version: MeteoInfoLab 3.1.0

Zero871015 avatar Jul 30 '21 13:07 Zero871015
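The defender-side counterpart to the report above, as an added illustration that is not code from MeteoInfo, Jython or the reporter: a naive bare-name lookup that walks the working directory before the system directory (a simplified model of the failure mode described, not Jython's actual code), next to a hardened lookup that only accepts the interpreter from an explicitly trusted directory, plus a check that flags a same-named file planted in the working directory. The directory layout is constructed in a temporary folder so it runs anywhere; `naive_lookup`, `resolve_trusted_executable`, `shadowing_file_in_cwd` and `windows_trusted_dirs` are names chosen here, and `windows_trusted_dirs` assumes `%SystemRoot%` is set.

```python
import os
import tempfile


def naive_lookup(name, search_order):
    """Simplified model of a bare-name lookup: walk the directories in the
    order given and return the first matching file.  When the working
    directory comes before the system directory, a planted file wins.
    Illustration of the reported failure mode, not Jython's real code."""
    for directory in search_order:
        candidate = os.path.join(directory, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def resolve_trusted_executable(name, trusted_dirs):
    """Hardened lookup: only absolute paths under explicitly trusted
    directories are considered.  Neither the working directory nor PATH is
    consulted, so a file dropped next to the application cannot be chosen."""
    for directory in trusted_dirs:
        candidate = os.path.join(os.path.abspath(directory), name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return candidate
    return None


def shadowing_file_in_cwd(name, cwd=None):
    """Detection check: return the path of a same-named file sitting in the
    working directory (the planted 'cmd.exe' from the report), else None."""
    cwd = os.getcwd() if cwd is None else cwd
    candidate = os.path.join(cwd, name)
    return candidate if os.path.isfile(candidate) else None


def windows_trusted_dirs():
    """Where the legitimate interpreter lives on Windows.  Assumption:
    %SystemRoot% is set; the fallback value is only for illustration."""
    root = os.environ.get("SystemRoot", r"C:\Windows")
    return [os.path.join(root, "System32")]


def demo():
    """Constructed layout: an application directory holding a planted cmd.exe
    and a separate 'System32' holding the legitimate one.  Returns whether the
    naive lookup picked the planted file, whether the hardened lookup picked
    the real one, and whether the detection check flagged the planted file."""
    with tempfile.TemporaryDirectory() as tmp:
        workdir = os.path.join(tmp, "MeteoInfo")
        sysdir = os.path.join(tmp, "System32")
        os.makedirs(workdir)
        os.makedirs(sysdir)
        planted = os.path.join(workdir, "cmd.exe")
        real = os.path.join(sysdir, "cmd.exe")
        for path in (planted, real):
            with open(path, "w") as fh:
                fh.write("")          # empty placeholder, never executed
            os.chmod(path, 0o755)

        naive = naive_lookup("cmd.exe", [workdir, sysdir])
        hardened = resolve_trusted_executable("cmd.exe", [sysdir])
        flagged = shadowing_file_in_cwd("cmd.exe", workdir)
        return (naive == planted, hardened == real, flagged == planted)


if __name__ == "__main__":
    print(demo())   # (True, True, True)
```

The point of the hardened lookup is that the caller passes a fixed allowlist of directories (on a real Windows host, `windows_trusted_dirs()`), so the result is the same no matter where the application was launched from; the detection helper is what a startup self-check or an integrity scan would run to notice a shadowing binary before anything is invoked.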

Thanks for this issue report!

Yaqiang avatar Aug 04 '21 00:08 Yaqiang