CVE-2017-17946
CRITICAL
Handy Password 4.9.3 - Remote Code Execution via Long Mail Box Title Field
Title source: llm
Description
A buffer overflow in Handy Password 4.9.3 allows remote attackers to execute arbitrary code via a long "Title name" field in "mail box" data that is mishandled in an "Open from mail box" action.
References (2)
Core References
Third Party Advisory x_refsource_misc
https://sidechannel.tempestsi.com/password-manager-flaw-allows-for-arbitrary-command-execution-b6bb273206b1
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2018/Jan/22
Scores
CVSS v3: 9.8
EPSS: 0.0276
EPSS Percentile: 84.5%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-119
Status: published
Products (1): novosoft/handy_password 4.9.3
Published: Jan 10, 2018
Tracked Since: Feb 18, 2026