A vulnerability exists in the way Crimson Editor reads file types from configuration files. It can be exploited by malicious people to compromise a vulnerable system.

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code by tricking a user into using a maliciously constructed configuration file (cedt.cfg).

This vulnerability is confirmed in Crimson Editor version 3.70.

A PoC configuration file can be downloaded here:
http://www.exploit-db.com/sploits/cedt.zip

Ref:

* http://www.crimsoneditor.com/