
ISL Light Desktop 3.5.4 Information Disclosure

Published: 03 Dec 2013 00:00:00
Reported by: Juan Francisco
Type: packetstorm
Source: packetstormsecurity.com

ISL Light Desktop 3.5.4 Clipboard Security Issu

Related

Reporter | Title | Published | Family
CVE | CVE-2013-6237 | 10 Dec 2013 15:00 | cve
Cvelist | CVE-2013-6237 | 10 Dec 2013 15:00 | cvelist
EUVD | EUVD-2013-6065 | 7 Oct 2025 00:30 | euvd
NVD | CVE-2013-6237 | 10 Dec 2013 16:55 | nvd
Prion | Session fixation | 10 Dec 2013 16:55 | prion

`CVE-2013-6237: ISL Light - Desktop 3.5.4, Clipboard security issue
  
  
When a person hosts a sharing session and allows a remote user to see what
is happening on the local PC, anything the host copies to the local
clipboard, such as a hidden password, can be pasted directly by the remote
user in clear text into Notepad or another document, effectively giving the
remote user access to the password. It is not possible to lock this
functionality.
  
  
Example:
1. You start an ISLonline Console session
2. An external consultant joins the session using ISLonline Support
3. You copy a password into your computer's copy buffer
   a. E.g. from KeePass Password Manager
4. Security issue: the external consultant can now paste your password
   into e.g. his own Notepad and see it in clear text
   a. The password is revealed
   b. The other problem is that the password remains in his copy buffer
      after the session ends
   c. E.g. KeePass's auto clean copy buffer feature does not
      prevent the problem
  
  
Vendor: http://www.islonline.com/  
  
Vendor issue code: ISLLIGHT-557,  
http://www.islonline.com/help/isl-releases-info/any/manual/?2013-11-29-rel-info-isl-light-desktop-plugin-1-4-7-win.htm  
  
Affected product: ISL Light 3.5.4 compiled on Sep 26 2013 revision 30035
  
Solved: ISL Light Desktop plugin for Windows 1.4.7 (2013-11-29)  
  
Credit: This issue was reported by Juan Francisco Bolivar  
es.linkedin.com/in/jfbolivar/  
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6237  
  
J. Francisco Bolivar  
`
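
The scenario in the advisory, as an added Python model that is not part of the original advisory and is not ISL Light code. The class names, the `host_to_viewer_sync` setting and the one-way mirroring behaviour are assumptions made for illustration, and the password is a constructed sample; the model replays steps 3 and 4 to show why a host-side clipboard timeout does not help once the text has been mirrored.

```python
from dataclasses import dataclass, field

SAMPLE_PASSWORD = "S3cret-constructed-sample"  # constructed value, not real


@dataclass
class Clipboard:
    """One machine's copy buffer."""
    text: str = ""


@dataclass
class SharingSession:
    """Assumed model of a sharing session that mirrors the host clipboard."""
    host: Clipboard
    viewer: Clipboard
    host_to_viewer_sync: bool = True  # hypothetical lockable setting
    active: bool = True
    audit: list = field(default_factory=list)

    def host_copy(self, text):
        """Host copies text locally, e.g. from a password manager."""
        self.host.text = text
        if self.active and self.host_to_viewer_sync:
            self.viewer.text = text  # the copy now lives on the remote PC
            self.audit.append("mirrored")
        else:
            self.audit.append("local-only")

    def host_auto_clear(self):
        """Password manager timeout: wipes only the host's own buffer."""
        self.host.text = ""

    def end(self):
        """Ending the session stops mirroring; it cannot clear the viewer."""
        self.active = False


def run_scenario(host_to_viewer_sync):
    """Replay the advisory's steps and report what each side still holds."""
    s = SharingSession(Clipboard(), Clipboard(), host_to_viewer_sync)
    s.host_copy(SAMPLE_PASSWORD)      # step 3: host copies a password
    viewer_during = s.viewer.text     # step 4: viewer pastes into Notepad
    s.host_auto_clear()               # 4c: auto clean runs on the host only
    s.end()                           # 4b: session ends
    return {"viewer_during": viewer_during, "viewer_after": s.viewer.text,
            "host_after": s.host.text, "audit": s.audit}
```

With mirroring enabled the viewer's buffer still holds the value after the host's buffer is empty and the session has ended; with the setting off, nothing leaves the host.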
