CVE-2020-24972

HIGH

Kleopatra <3.1.12 - Code Execution via openpgp4fpr URL Handling

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-24972. PoCs published by SpiralBL0CK.

AI-analyzed exploit summary This PoC exploits CVE-2020-24972 by leveraging the Qt platformpluginpath command-line option to load a malicious DLL. The DLL, when loaded by a vulnerable application like Kleopatra, executes arbitrary code via a MessageBox pop-up as a proof of concept.

Description

The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL.

Exploits (1)

nomisec WORKING POC 1 stars

by SpiralBL0CK · poc

https://github.com/SpiralBL0CK/CVE-2020-24972

View Code ZIP pw:eip

This PoC exploits CVE-2020-24972 by leveraging the Qt platformpluginpath command-line option to load a malicious DLL. The DLL, when loaded by a vulnerable application like Kleopatra, executes arbitrary code via a MessageBox pop-up as a proof of concept.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Applications using Qt (e.g., Kleopatra)

No auth needed

Prerequisites: Vulnerable Qt-based application · Ability to place malicious DLL in a controlled path · User interaction to trigger the application with the malicious command-line argument

MITRE ATT&CK

T1548.001 - Setuid and Setgid

devstral-2 · analyzed Feb 16, 2026 Full analysis →