13 lines
No EOL
616 B
Text
13 lines
No EOL
616 B
Text
A vulnerability exists in the way Crimson Editor reads file types from within configuration files and can be exploited, by malicious people, to compromise a vulnerable system.
|
|
|
|
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code, by tricking a user into using a maliciously constructed configuration file (cedt.cfg).
|
|
|
|
This vulnerability is confirmed in Crimson Editor version 3.70.
|
|
|
|
A PoC configuration file can be downloaded here:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/11803.zip (cedt.zip)
|
|
|
|
|
|
Ref:
|
|
|
|
* http://www.crimsoneditor.com/ |