Received notification from vendor that vulnerability was fixed in version 1.11. Received reply that the release date of the fixed version is still unknown. ![]() Received reply from vendor that developers have been informed, but no ETA yet. Vulnerability details sent to vendor again via online form (no reply). Vulnerability details sent to vendor via online form (no reply). Update to version 1.11, which fixes this vulnerability. Hence, by tricking a user to download a directory from a malicious FTP server, an attacker can potentially leverage this issue to write files into a user's Startup folder and execute arbitrary code when the user logs on.
0 Comments
Leave a Reply. |