Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

firstclass71.txt

🗓️ 08 Jan 2004 00:00:00Reported by Richard MaudsleyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Malicious link clicks may lead to local file execution via FirstClass Desktop Client 7.1.

Code
`Product: FirstClass Desktop Client 7.1  
Developer: SoftArc  
URL: http://www.softarc.com/  
  
Description: Users clicking on a maliciously crafted link will result in   
local file execution.  
  
Details:  
FirstClass RTF formatted messages can include hyper-links to web URL's.   
When the messages recipient clicks on the URL the web browser is launched   
and navigates to the links URL. Crafting a malicious link is as simple as   
typing the local filename into the URL field of the form.  
  
The most effective exploit would be to execute logoff.exe, forcefully   
terminating all running processes and logging the user out of their account.  
  
C:\WINDOWS\SYSTEM32\LOGOFF.EXE  
  
I wanted to mess with this further, but don't have time.  
  
Also note that other protocols can be used to launch their associated   
software.  
  
For example, hcp:// would launch the Windows help control panel,   
telnet://.... you get the idea.  
  
Goodnight,  
Richard Maudsley  
  
http://www.mindblock.org/  
Greetings: Windsor Boys School  
Matt & Dave: nice job on the network.  
Greetings: French, Garlic, Shiva -- WBS Security Crew ;)  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Jan 2004 00:00Current
7.4High risk
Vulners AI Score7.4
malicious linklocal file executionurl hyperlinkfirstclass desktop clientlogoff.exe exploitsecurity issue.
23