Local Code Execution Vulnerability in ownCloud Desktop from ownCloud
CVE-2016-7102

8.4HIGH

Key Information:

Vendor: Owncloud
Status: Owncloud Desktop Client
Vendor: CVE Published:; 23 January 2017

What is CVE-2016-7102?

The ownCloud Desktop client prior to version 2.2.3 contains a vulnerability that allows local users to exploit a Trojan library present in a defined path on the C: drive. This exploit enables unauthorized code execution, potentially leading to privilege escalation. Users are encouraged to update to the latest version to mitigate this risk. For further details, refer to the security advisory from ownCloud.

References

http://www.securityfocus.com/bid/92627

vdb-entryx_refsource_BID

https://owncloud.org/security/advisory/?id=oc-sa-2016-016

x_refsource_CONFIRM

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 23, 2017
Vulnerability Reserved
Aug 27, 2016

Owncloud

What is CVE-2016-7102?

References

CVSS V3.1

Timeline