Arbitrary Command Execution via NCSOFT Game Launcher Custom Protocol Handler

Arbitrary Command Execution via NCSOFT Game Launcher Custom Protocol Handler

CVE-2019-12805 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

NCSOFT Game Launcher, NC Launcher2 2.4.1.691 and earlier versions have a vulnerability in the custom protocol handler that could allow remote attacker to execute arbitrary command. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. This can be leveraged for code execution in the context of the current user.

Learn more about our Web App Pen Testing.