Description: | | An argument injection vulnerability exists in Google Apps that can allow execution of arbitrary programs on a vulnerable system. The vulnerability is due to an input validation error in googleapps.exe while parsing the "googleapps.url.mailto://" URI. This can allow remote attackers to run arbitrary programs from a remote share, such as a SMB share, via the "--renderer-path" argument. Successful exploitation would result in execution of arbitrary programs on the vulnerable system with the privileges of the logged in user. |