Bug 1201622 - (CVE-2016-15003) VUL-0: CVE-2016-15003: filezilla,libfilezilla: Manipulation of uninstaller leads to unquoted search path
Status: RESOLVED INVALID
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Version: Leap 15.4
Hardware: Other Other
Priority: P5 - None
Severity: Minor
Assigned To: Eric Schirra
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/337577/
Reported: 2022-07-19 07:10 UTC by Hu
Modified: 2022-07-19 07:10 UTC (History)
Found By: Security Response Team


Description Hu 2022-07-19 07:10:40 UTC
CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as
problematic. This vulnerability affects unknown code of the file C:\Program
Files\FileZilla FTP Client\uninstall.exe of the component Installer. The
manipulation leads to unquoted search path. The attack can be initiated
remotely. The exploit has been disclosed to the public and may be used.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-15003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-15003
https://www.exploit-db.com/exploits/39803/
https://vuldb.com/?id.97204
https://youtu.be/r06VwwJ9J4M
Comment 1 Hu 2022-07-19 07:10:57 UTC
Closing, not affected:
- openSUSE:Backports:SLE-15-SP3/filezilla     3.31.0
- openSUSE:Backports:SLE-15-SP4/filezilla     3.31.0
- openSUSE:Factory/filezilla                  3.60.1
- openSUSE:Backports:SLE-15-SP3/libfilezilla  0.12.2
- openSUSE:Backports:SLE-15-SP4/libfilezilla  0.12.2
- openSUSE:Factory/libfilezilla               0.37.2