VULHUB ™

A security researcher has reported a simpler variant of the vulnerability described in BID 11466. In that vulnerability, it was theoretically possible for external and untrustworthy HTML / script code to be executed if a maliciously constructed file were "dragged and dropped" and then clicked on. This process involved the victim user manually clicking the file to open it. The author of this report has stated that the new variant removes the step of manually clicking the file. This may allow for automatic compromise if the user will "drag and drop" a malicious file.

A security researcher has reported a simpler variant of the vulnerability described in BID 11466. In that vulnerability, it was theoretically possible for external and untrustworthy HTML / script code to be executed if a maliciously constructed file were "dragged and dropped" and then clicked on. This process involved the victim user manually clicking the file to open it. The author of this report has stated that the new variant removes the step of manually clicking the file. This may allow for automatic compromise if the user will "drag and drop" a malicious file.