VULHUB ™

Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. Shared files specifically, are served through a library called 'ext.dll'. Due to a flaw in BadBlue it is possible for a user to gain read access to arbitrary directories and files. If a request constructed with '../' sequences is submitted as a parameter to the script used to read Microsoft Office documents, the user may break out of the permitted path. It is then possible to view arbitrary directories and files residing on the host.

Working Resources BadBlue is a webserver intended to share various resources and is developed for Microsoft Windows environments. Shared files specifically, are served through a library called 'ext.dll'. Due to a flaw in BadBlue it is possible for a user to gain read access to arbitrary directories and files. If a request constructed with '../' sequences is submitted as a parameter to the script used to read Microsoft Office documents, the user may break out of the permitted path. It is then possible to view arbitrary directories and files residing on the host.