CVE-2012-5003

Published: Sep 19, 2012Modified: Apr 29, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not properly verify the authenticity of updates, which allows user-assisted remote attackers to execute arbitrary code via a crafted (1) SiteUrl or (2) RedirectUrl parameter that points to a Trojan Horse client.zip update file.

Affected (18)

Products: Nomachine: Nx Web Companion

Nomachine

1 product

Nx Web Companion

Configuration A

18 vulnerable

Vulnerable Software	Affected Versions
Nomachine Nx Web Companion	Up to 3.5.0-2
Nomachine Nx Web Companion	Version 1.5.0 beta2
Nomachine Nx Web Companion	Version 1.5.0 beta3
Nomachine Nx Web Companion	Version 2.0.0-1
Nomachine Nx Web Companion	Version 2.1.0-1
Nomachine Nx Web Companion	Version 3.0.0-1
Nomachine Nx Web Companion	Version 3.0.0-2
Nomachine Nx Web Companion	Version 3.0.0-3
Nomachine Nx Web Companion	Version 3.0.0-4
Nomachine Nx Web Companion	Version 3.0.0-5
Nomachine Nx Web Companion	Version 3.1.0-1
Nomachine Nx Web Companion	Version 3.2.0-1
Nomachine Nx Web Companion	Version 3.3.0-1
Nomachine Nx Web Companion	Version 3.3.0-2
Nomachine Nx Web Companion	Version 3.4.0-1
Nomachine Nx Web Companion	Version 3.4.0-2
Nomachine Nx Web Companion	Version 3.4.0-3
Nomachine Nx Web Companion	Version 3.5.0-1