CVE-2012-5003

nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
nomachinenx_web_companion
𝑥
≤ 3.5.0-2
nomachinenx_web_companion
1.5.0:beta2
nomachinenx_web_companion
1.5.0:beta3
nomachinenx_web_companion
2.0.0-1
nomachinenx_web_companion
2.1.0-1
nomachinenx_web_companion
3.0.0-1
nomachinenx_web_companion
3.0.0-2
nomachinenx_web_companion
3.0.0-3
nomachinenx_web_companion
3.0.0-4
nomachinenx_web_companion
3.0.0-5
nomachinenx_web_companion
3.1.0-1
nomachinenx_web_companion
3.2.0-1
nomachinenx_web_companion
3.3.0-1
nomachinenx_web_companion
3.3.0-2
nomachinenx_web_companion
3.4.0-1
nomachinenx_web_companion
3.4.0-2
nomachinenx_web_companion
3.4.0-3
nomachinenx_web_companion
3.5.0-1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html
http://secunia.com/advisories/47685
https://exchange.xforce.ibmcloud.com/vulnerabilities/72712
http://archives.neohapsis.com/archives/bugtraq/2012-01/0161.html
http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0466.html
http://secunia.com/advisories/47685
https://exchange.xforce.ibmcloud.com/vulnerabilities/72712