CVSS: 6.8EPSS: 5%CPEs: 18EXPL: 0CVE-2012-5003
https://notcve.org/view.php?id=CVE-2012-5003
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file. nxapplet.jar en No Machine NX Web Companion 3.x y anteriores no verifican de forma adecuada la autenticidad de actualizaciones, o que permite a atacantes remotos asistidos por usuarios locales a ejecutar código mediante (1) SiteUrl manipulado o (2) parámetro RedirectUrl que apunta a un fichero de actualización client.zip troyanizados. • http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html http://secunia.com/advisories/47685 https://exchange.xforce.ibmcloud.com/vulnerabilities/72712 • CWE-287: Improper Authentication •