Advisory #70
Title: XSOverlay remote code execution via WebSocket
CVE ID: CVE-2024-23168
Vendor: Xiexe
Affected product: XSOverlay
Affected versions: < Build 667
Vulnerability type: CWE-1385: Missing Origin Validation in WebSockets
Description: XSOverlay had a vulnerability that allowed non-local websites to send malicious commands to its WebSocket API, resulting in arbitrary code execution.
Status: Fixed in Build 667
Recommendation: Update to Build 667 or above.
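
The check named in the vulnerability type (CWE-1385), as an added example that is not XSOverlay's code or its fix: a local WebSocket endpoint compares the handshake's Origin header against an exact allowlist before upgrading. The allowlist entries, port numbers, request path and sample request are constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist for illustration: (scheme, host, port) of trusted local UIs.
ALLOWED_ORIGINS = {("http", "localhost", 8080), ("http", "127.0.0.1", 8080)}
DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_headers(raw: bytes) -> dict:
    """Parse the header lines of an HTTP request into a lowercase-keyed dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def origin_allowed(origin, allow_missing=False) -> bool:
    """Exact scheme/host/port match against the allowlist; no substring tests."""
    if origin is None:
        # Browsers always send Origin on WebSocket handshakes; only native
        # clients omit it. Accepting those is a policy choice (assumed off).
        return allow_missing
    try:
        parts = urlsplit(origin)
        port = parts.port
    except ValueError:  # malformed host or out-of-range port
        return False
    if port is None:
        port = DEFAULT_PORTS.get(parts.scheme)
    if parts.path or parts.query or parts.fragment or parts.username:
        return False  # a serialized origin is scheme://host[:port] only
    return (parts.scheme, (parts.hostname or "").lower(), port) in ALLOWED_ORIGINS


def handshake_status(raw: bytes, allow_missing=False) -> int:
    """Return 101 to upgrade, 403 to refuse, 400 if not a WebSocket upgrade."""
    headers = parse_headers(raw)
    if headers.get("upgrade", "").lower() != "websocket":
        return 400
    return 101 if origin_allowed(headers.get("origin"), allow_missing) else 403


def sample_request(origin=None) -> bytes:
    """Constructed handshake for demonstration (path and port are made up)."""
    lines = ["GET /api HTTP/1.1", "Host: 127.0.0.1:9000", "Upgrade: websocket", "Connection: Upgrade"]
    if origin is not None:
        lines.append(f"Origin: {origin}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1")
```

The Origin check only addresses requests coming from web pages in a browser; a native process can set any Origin it likes, so it does not replace authentication on the API itself.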