GREED 0.81 - '.GRX' File List Command Execution

EDB-ID:

25034

CVE:

N/A




Platform:

Windows

Date:

2004-12-15


source: https://www.securityfocus.com/bid/12034/info

greed (Get and Resume Elite Edition) is prone to unauthorized command execution. This issue is exposed when the application processes a GRX file list that specifies shell metacharacters and commands in file names on the list. GRX file lists allow file downloads to be scripted. Since GRX file lists may originate from an external or untrusted source, this vulnerability is considered to be remote in nature.

Successful exploitation will result in command execution in the context of the application. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25034.zip