Lucene search
Florian Bogner – Vulnerability discovery and disclosure.OWNCLOUD:B547D2D533D60DB2EB9BE3EFA66A2D2EHistoryAug 17, 2016 - 11:43 a.m.
Local Code Injection - ownCloud
2016-08-1711:43:23
Florian Bogner – Vulnerability discovery and disclosure.
owncloud.org
488
0.001 Low
EPSS
Percentile
36.5%
The ownCloud Client was vunerable to a local code injection attack. A malicious local user could create a special path where the client would load libraries from during startup. As on Windows, everyone by default has the permission to write to the C: drive and create arbitrary directories and subdirectories, this attack is practically feasible in any non-hardened Windows environment. This could lead to injecting code into other users’ ownCloud Client.
Affected Software
- ownCloud Desktop < 2.2.3 (CVE-2016-7102)
Action Taken
To protect our users ownCloud has issued the 2.2.3 client which no longer loads code from this location.
Acknowledgements
The ownCloud team thanks the following people for their research and responsible disclosure of the above advisory:
- Florian Bogner - Vulnerability discovery and disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| desktop-clients | lt | 2.2.3 |
Related
ubuntucve
ubuntucve
CVE-2016-7102
2017-01-23 00:00:00
cvelist
cvelist
CVE-2016-7102
2017-01-23 21:00:00
owncloud
owncloud
Local Code Injection â ownCloud Security Advisory
2016-08-17 00:00:00
Desktop Client: Local Code Injection
2016-08-17 17:37:31
osv
osv
CVE-2016-7102
2017-01-23 21:59:02
nvd
nvd
CVE-2016-7102
2017-01-23 21:59:02
cve
cve
CVE-2016-7102
2017-01-23 21:59:02
prion
prion
Code injection
2017-01-23 21:59:00