CVE-2014-1861

Published: Feb 18, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 does not validate the FileName element in an RDP_FILE_TRANSFER document, which allows remote JCSB servers to execute arbitrary programs by providing a .EXE extension.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20140217 Jetro Cockpit Secure Browsing vulnerability - Client missing input validation allowing RCE

mailing-list

x_refsource_BUGTRAQ

http://blog.quaji.com/2014/02/remote-code-execution-on-all-enterprise.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2014-1861

Description

Affected Products

References