VULHUB ™

A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify arbitrary files; these issues relate to the processing of URI requests via various protocol handlers including telnet, rlogin, ssh and mailto. The vulnerability presents itself because applications fail to validate URI input; if a '-' character precedes the host name it is possible to pass options to an application that handles the protocol. Successful exploitation of this issue may allow a remote attacker to create or modify arbitrary files, resulting in a denial of service condition in the browser. The attack would occur in the context of the user running the vulnerable browser. This BID is currently under review and will be updated, and possible separated into multiple issues, when more information becomes available.

A vulnerability has been identified in multiple products from multiple vendors that may allow a remote attacker to create or modify arbitrary files; these issues relate to the processing of URI requests via various protocol handlers including telnet, rlogin, ssh and mailto. The vulnerability presents itself because applications fail to validate URI input; if a '-' character precedes the host name it is possible to pass options to an application that handles the protocol. Successful exploitation of this issue may allow a remote attacker to create or modify arbitrary files, resulting in a denial of service condition in the browser. The attack would occur in the context of the user running the vulnerable browser. This BID is currently under review and will be updated, and possible separated into multiple issues, when more information becomes available.