Unauthenticated Remote Code Execution in Hotfoon 4.0 via Unnotified Browser Links

Unauthenticated Remote Code Execution in Hotfoon 4.0 via Unnotified Browser Links

CVE-2004-1511 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.

Learn more about our Web App Pen Testing.