CVE-2016-7102 — Code Injection in Desktop Client

CWE-94 — Code Injection3 documents3 sources

Severity

8.4HIGHNVD

EPSS

0.2%

top 62.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Owncloud Desktop Client

Timeline

PublishedJan 23

Latest updateMay 13

Description

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

▶NVDowncloud/owncloud_desktop_client2.2.2

🔴Vulnerability Details

GHSA

GHSA-fc3x-fwmh-vhjx: ownCloud Desktop before 2↗2022-05-13

▶

OSV

CVE-2016-7102: ownCloud Desktop before 2↗2017-01-23

▶