WebCatalog before version 48.8 is vulnerable to arbitrary protocol execution due to calling the Electron shell.openExternal function without proper verification of the URL, allowing an attacker to execute code through arbitrary protocols on the victim's machine by tricking users into syncing pages with malicious URLs. This could result in bypassing security measures for malicious file delivery.
WebCatalog version 48.4 and earlier does not properly validate URLs before calling the Electron shell.openExternal function, enabling an attacker to execute code via arbitrary protocols when users interact with malicious URLs. This can lead to the bypassing of security mechanisms for delivering malicious files.
Services By CQR