5 matches found
CVE-2020-24772
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relaye...
EUVD-2020-17482
Malware in sbrugna...
CVE-2020-24772
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relaye...
Open redirect
In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relaye...
CVE-2020-24772
Affected software: Dreamacro Clash for Windows v0.11.4. The vulnerability arises when an attacker embeds a malicious iframe in a website with a crafted URL that launches the Clash Windows client and forces it to open a remote SMB share. Windows will perform NTLM authentication when accessing the ...