Telerik Fiddler up to and including 5.0.20202.18177 allows malicious users to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
telerik fiddler |