ownCloud: Arbitrary Code Injection in ownCloud’s Windows Client

The current ownCloud Windows Desktop client is prone to an arbitrary code injection vulnerability. The underlying issue is that the ownCloud desktop client tries to load QT extensions from C:\usr\i686-w64-mingw32\sys-root\mingw\lib\qt5\plugins. As any authenticated user on Windows is allowed to...