Vulnerability Details CVE-2012-5003
nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.2%
CVSS Severity
CVSS v2 Score 6.8
References
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html
- http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html
- http://secunia.com/advisories/47685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72712
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html
- http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html
- http://secunia.com/advisories/47685
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72712
Products affected by CVE-2012-5003
-
cpe:2.3:a:nomachine:nx_web_companion:1.5.0
-
cpe:2.3:a:nomachine:nx_web_companion:2.0.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:2.1.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.0.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.0.0-2
-
cpe:2.3:a:nomachine:nx_web_companion:3.0.0-3
-
cpe:2.3:a:nomachine:nx_web_companion:3.0.0-4
-
cpe:2.3:a:nomachine:nx_web_companion:3.0.0-5
-
cpe:2.3:a:nomachine:nx_web_companion:3.1.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.2.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.3.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.3.0-2
-
cpe:2.3:a:nomachine:nx_web_companion:3.4.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.4.0-2
-
cpe:2.3:a:nomachine:nx_web_companion:3.4.0-3
-
cpe:2.3:a:nomachine:nx_web_companion:3.5.0-1
-
cpe:2.3:a:nomachine:nx_web_companion:3.5.0-2