Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in in TortoiseSVN 1.12.1. The Tsvncmd: URI handler allows a customised diff operation on Excel workbooks, which could be used to open remote workbooks without protection from macro security settings to execute arbitrary code. A tsvncmd:command:diff?path:[file1]?path2:[file2] URI will execute a customised diff on [file1] and [file2] based on the file extension. For xls files, it will execute the script diff-xls.js using wscript, which will open the two files for analysis without any macro security warning. An attacker can exploit this by putting a macro virus in a network drive, and force the victim to open the workbooks and execute the macro inside.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TortoiseSVN 安全特征问题漏洞
Vulnerability Description
TortoiseSVN是一款用于Subversion版本控制系统的开源客户端程序。 TortoiseSVN 1.12.1版本中存在远程代码执行漏洞,该漏洞源于URI处理程序(Tsvncmd:)允许在Excel工作簿上进行定制的diff操作,在不受宏安全设置保护的情况下,该操作可能会用于打开远程工作簿。攻击者可利用该漏洞执行代码。
CVSS Information
N/A
Vulnerability Type
N/A