FirstClass executes references to files stored in the bookmarks area, allowing the direct execution of arbitrary programs.
aef463767f7ee58aff3654b40aa58121b8aa9a377440a285100b3badac249509
Product: OpenText FirstClass 8.0 Client
Homepage: https://www.firstclass.com
Platform: Microsoft Windows
Description: Insufficient validation of user input allows arbitrary
file execution
FirstClass bookmark files allow the user to organise their web
address's using the familiar FirstClass desktop environment. The
vulnerable field has been highlighted in the attached screen dump. The
URL text string is passed directly to the Windows ShellExecute API,
which allows any local/network file to be executed when the bookmark
is accessed. These bookmark files can also be set to "auto-open" if
the user has sufficient privileges.
A similar issue affecting URL's in FirstClass RTF documents was
apparently reported last year, but remains unpatched.
Simply comparing the first seven characters of the input string to
"https://" should be sufficient protection.
- dila