Bug 1201622 – VUL-0: CVE-2016-15003: filezilla,libfilezilla: Ḿanipulation of uninstaller leads to unquoted search path

Bug 1201622 - (CVE-2016-15003) VUL-0: CVE-2016-15003: filezilla,libfilezilla: Ḿanipulation of uninstaller leads to unquoted search path

(CVE-2016-15003)
Summary:	VUL-0: CVE-2016-15003: filezilla,libfilezilla: Ḿanipulation of uninstaller le...

Status:	RESOLVED INVALID

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.4
Hardware:	Other Other

Priority:	P5 - None Severity: Minor (vote)
Target Milestone:	---
Assigned To:	Eric Schirra
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/337577/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2022-07-19 07:10 UTC by Hu
Modified:	2022-07-19 07:10 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hu 2022-07-19 07:10:40 UTC

CVE-2016-15003

A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as
problematic. This vulnerability affects unknown code of the file C:\Program
Files\FileZilla FTP Client\uninstall.exe of the component Installer. The
manipulation leads to unquoted search path. The attack can be initiated
remotely. The exploit has been disclosed to the public and may be used.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-15003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-15003
https://www.exploit-db.com/exploits/39803/
https://vuldb.com/?id.97204
https://youtu.be/r06VwwJ9J4M

Comment 1 Hu 2022-07-19 07:10:57 UTC

Closing, not affected:
- openSUSE:Backports:SLE-15-SP3/filezilla     3.31.0
- openSUSE:Backports:SLE-15-SP4/filezilla     3.31.0
- openSUSE:Factory/filezilla                  3.60.1
- openSUSE:Backports:SLE-15-SP3/libfilezilla  0.12.2
- openSUSE:Backports:SLE-15-SP4/libfilezilla  0.12.2
- openSUSE:Factory/libfilezilla               0.37.2