Описание
Lack of data sanitization was found in cURL command line tool for Windows. By exploiting this vulnerability malicious users can write arbitrary local file. This vulnerability can be exploited remotely via a specially designed file name.
Technical details
cURL does not sanitize colons in a remote file name when options -O or -OJ is used and remote file name contains colons. This vulnerability is exploitable only on Windows cause it’s the only system which interprets colon as mark of drive letter. You can look for multiple technical details, examples and recommendations at original vendor advisory.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2016-0754 warning
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com