[SECURITY ALERT] Kleopatra allows local users to execute arbitrary code


 



Hi Friend,

I discovered security vulnerabilities in Kleopatra, tested on Kleopatra Version 3.1.8-gpg4win-3.1.10 (latest update).

#Summary:
- Unquoted program path in Kleopatra allows local users to execute arbitrary code, via execution and from a compromised folder.

#Description
- Kleopatra allows local users to execute arbitrary code. If file C:\program.exe exists, it will be executed.

#Steps to Reproduce:
1. Copy exe file C:\program.exe
2. Right-click on the file and choose Encrypt/Decrypt.
3. C:\program.exe will be executed.

#Impact:
- I tested on Kleopatra Version 3.1.8-gpg4win-3.1.10.

PoC

image.png

Thanks and Best regards, 
#hoangcuongflp
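
A defensive audit for the unquoted-path condition described in the report above, as an added example that is not part of the original post. It flags command strings whose executable path is unquoted and contains spaces, and lists the earlier paths Windows would try first under documented CreateProcess parsing. The entry names and the `Example App` path are constructed placeholders, not Kleopatra's actual registration.

```python
import re

# Intended executable: everything up to the first ".exe" followed by space/end.
_EXE_END = re.compile(r"\.exe(?=\s|$)", re.IGNORECASE)

def ambiguous_prefixes(cmdline):
    """Return the paths Windows tries before the intended one for an unquoted
    command line. An empty list means the command is quoted or has no spaces
    in its executable path, so the path boundary is unambiguous."""
    cmd = cmdline.strip()
    if cmd.startswith('"'):
        return []                       # quoted: boundary is explicit
    m = _EXE_END.search(cmd)
    exe = cmd[:m.end()] if m else cmd   # no ".exe" found: whole string is suspect
    found = []
    for i, ch in enumerate(exe):
        if ch == " " and i and exe[i - 1] != " ":
            prefix = exe[:i]
            leaf = prefix.rsplit("\\", 1)[-1]
            # CreateProcess appends ".exe" when the name has no extension
            found.append(prefix if "." in leaf else prefix + ".exe")
    return found

def audit(entries):
    """entries: {name: command string}. Return {name: [paths]} for risky ones."""
    return {n: p for n, c in entries.items() if (p := ambiguous_prefixes(c))}

# Constructed sample registrations (hypothetical names and paths).
SAMPLE = {
    "unquoted-handler": r'C:\Program Files (x86)\Example App\bin\app.exe "%1"',
    "quoted-handler": r'"C:\Program Files (x86)\Example App\bin\app.exe" "%1"',
    "no-spaces": r"C:\Tools\app.exe /s",
}

if __name__ == "__main__":
    for name, paths in audit(SAMPLE).items():
        print(f"{name}: quote the executable path; ambiguous with:")
        for p in paths:
            print(f"    {p}")
```

The fix for any flagged entry is to wrap the executable path in double quotes, as in the `quoted-handler` sample.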
