Argument injection vulnerability in Avant Browser 10.1 Build 17 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-88,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| avantbrowser | avant_browser | 10.1 |