N/A

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329.

N/A

路径遍历：’/absolute/pathname/here’

Samsung Email 信息泄露漏洞

Samsung Email是韩国三星（Samsung）公司的一款用于收发和管理电子邮件的应用程序。 Samsung Email中file:/// URIs的处理存在信息泄露漏洞，该漏洞源于程序没有正确的验证用户提交的数据。本地攻击者可通过获取低权限代码的执行权限利用该漏洞泄露敏感信息。

N/A

N/A