Threat Encyclopedia

Telerik Fiddler allows attackers to execute arbitrary programs

Description

Telerik Fiddler allows attackers to execute arbitrary programs

Analysis

Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204.
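A defensive check for the pattern described above, as an added example that is not Telerik's code or its fix: it flags captured host values that contain whitespace or the two switches named in the analysis, and rejects anything that is not a plain RFC 1123 hostname. The function names, the `host[:port]` input format and the sample values are assumptions made for this example.

```python
import re

# RFC 1123 label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Switches named in the advisory text.
_SWITCHES = ("--utility-and-browser", "--utility-cmd-prefix=")


def split_host_port(value):
    """Split 'host:port' on the last colon when the suffix is a decimal port."""
    host, sep, port = value.rpartition(":")
    if sep and port.isascii() and port.isdigit():
        return host, int(port)
    return value, None


def inspect_host(value):
    """Return the reasons a host value is unsafe to place on a command line.

    Limitation (assumption of this example): IPv6 literals are not handled
    and will be reported as 'not-a-hostname'.
    """
    findings = []
    if any(ch.isspace() for ch in value):
        findings.append("whitespace")
    lowered = value.lower()
    for switch in _SWITCHES:
        if switch in lowered:
            findings.append("switch:" + switch)
    host, _port = split_host_port(value)
    labels = host.rstrip(".").split(".")
    if len(host) > 253 or not all(_LABEL.match(label) for label in labels):
        findings.append("not-a-hostname")
    return findings


def triage(hosts):
    """Map each suspicious host value to its findings; clean hosts are omitted."""
    results = {h: inspect_host(h) for h in hosts}
    return {h: reasons for h, reasons in results.items() if reasons}


# Constructed sample values; the program path is a placeholder.
SAMPLE_HOSTS = [
    "example.test:443",
    "example.test ",
    r"example.test --utility-and-browser --utility-cmd-prefix=C:\placeholder\program.exe",
]

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_HOSTS).items():
        print(repr(host), reasons)
```
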

Affected Products

Telerik Fiddler

CVE References

CVE-2020-13661