N/A

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.

N/A

N/A

Telerik Fiddler 安全漏洞

Telerik Fiddler是一款HTTP协议调试代理工具。 Telerik Fiddler 5.0.20202.18177及之前版本存在注入漏洞，该漏洞允许攻击者通过结尾带有空格字符的主机名，然后再跟上--utility-and-browser --utility-cmd-prefix= （本地程序安装路径）参数来执行任意程序。

N/A

N/A