The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2015-08-07T01:00:00

Updated: 2024-08-06T06:18:12.242Z

Reserved: 2015-06-19T00:00:00

Link: CVE-2015-4674

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-08-07T01:59:00.130

Modified: 2024-11-21T02:31:32.057

Link: CVE-2015-4674

cve-icon Redhat

No data.