The ownCloud Client was vulnerable to a local code injection attack. A malicious local user could create a special path from which the client would load libraries during startup. Because on Windows everyone by default has permission to write to the C: drive and create arbitrary directories and subdirectories, this attack is practically feasible in any non-hardened Windows environment. This could lead to injecting code into other users' ownCloud Client.
For more information please consult the official advisory.
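The following PowerShell audit is an added example, not code from the advisory or from the ownCloud project. It checks whether a library search path, or its nearest existing parent folder, lets ordinary local users create files or subdirectories. The default path is a constructed placeholder, since the advisory does not name the directory, and the function names are hypothetical.

```powershell
# Added example: can an unprivileged local user plant files on a library
# search path? The default path is a constructed placeholder; the advisory
# does not name the directory the client loaded from.
param([string]$SearchPath = 'C:\placeholder\prefix\plugins')  # hypothetical

# Well-known SIDs that cover ordinary local users:
# Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$broadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'
$fsr         = [System.Security.AccessControl.FileSystemRights]
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-NearestExistingAncestor([string]$Path) {
    # Walk upwards until a folder that exists is found (at worst the drive root).
    $p = $Path
    while ($p -and -not (Test-Path -LiteralPath $p)) {
        $p = Split-Path -Path $p -Parent
    }
    return $p
}

function Test-PlantablePath([string]$Path) {
    $exists = Test-Path -LiteralPath $Path
    $anchor = Get-NearestExistingAncestor $Path
    if (-not $anchor) { throw "No existing ancestor found for $Path" }

    # Existing folder: dropping a file is enough. Missing folder: the user
    # must be able to create the absent subdirectories below the anchor.
    $needed = if ($exists) { $fsr::CreateFiles } else { $fsr::CreateDirectories }

    $rules = (Get-Acl -LiteralPath $anchor).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    # Simplification: matches Allow ACEs only; Deny ACEs and generic-rights
    # encodings are not evaluated, so treat a hit as a lead to verify.
    $hits = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadSids -contains $_.IdentityReference.Value -and
        -not ($_.PropagationFlags -band $inheritOnly) -and
        ($_.FileSystemRights -band $needed)
    })
    [pscustomobject]@{
        SearchPath    = $Path
        Exists        = $exists
        CheckedFolder = $anchor
        Plantable     = $hits.Count -gt 0
        GrantedTo     = ($hits.IdentityReference.Value | Sort-Object -Unique) -join ', '
    }
}

Test-PlantablePath $SearchPath
```

A `Plantable` result of `True` for a path that does not exist means another local account can create it first and own its contents, which is the condition the advisory describes.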
This advisory is licensed CC BY-SA 4.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| | owncloud desktop | lt | 2.2.3 |