Advisory #70
Title | XSOverlay remote code execution via WebSocket |
CVE ID | CVE-2024-23168 |
Vendor | Xiexe |
Affected product | XSOverlay |
Affected versions | < Build 667 |
Vulnerability type | CWE-1385: Missing Origin Validation in WebSockets |
Description | XSOverlay had a vulnerability that allowed non-local websites to send a malicious command to the WebSocket API, resulting in arbitrary code execution. |
Status | Fixed in Build 667 |
Recommendation | Update to Build 667 or above. |