Hillstone Networks

RULE（RULE ID：332964）

Rule General Information


Release Date:		2021-03-26

Rule Name:		Google Apps googleapps.url.mailto URI Argument Injection Vulnerability

Severity:

CVE ID:

Rule Protection Details


Description:		An argument injection vulnerability exists in Google Apps that can allow execution of arbitrary programs on a vulnerable system. The vulnerability is due to an input validation error in googleapps.exe while parsing the "googleapps.url.mailto://" URI. This can allow remote attackers to run arbitrary programs from a remote share, such as a SMB share, via the "--renderer-path" argument. Successful exploitation would result in execution of arbitrary programs on the vulnerable system with the privileges of the logged in user.

Impact:		An attacker could exploit this vulnerability to have unspecified effect.

Affected OS:		Windows, Linux, Others

Reference:

Solutions

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.