Outlook For Android Directory Traversal

There is a directory traversal issue in attachment downloads in Outlook for Android. The app performs no path sanitization on the attachment filename. If the email account is a Hotmail account, the filename is sanitized by the server, but for other accounts it is not. As a result, when an attached image is viewed in the Outlook app, a file can be written anywhere on the filesystem that the Outlook app can access.
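The client-side check whose absence is described above can be sketched as follows. This is an added example, not code from Outlook or from the original advisory; the class name, method name and sample filenames are hypothetical and constructed for illustration.

```java
import java.io.File;
import java.io.IOException;

public class AttachmentPaths {
    /**
     * Maps an untrusted attachment filename (as received in the message)
     * to a file directly inside downloadDir, or throws if that is not possible.
     * Hypothetical helper: the name and signature are assumptions.
     */
    static File resolveAttachment(File downloadDir, String untrustedName) throws IOException {
        if (untrustedName == null) {
            throw new IOException("attachment has no filename");
        }
        // The sender controls this string, so treat both separator styles
        // as separators and keep only the last path component.
        String name = untrustedName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..")
                || name.indexOf('\0') >= 0) {
            throw new IOException("rejected attachment filename");
        }
        File base = downloadDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        // Defence in depth: after resolving symlinks and dot segments, the
        // target must still sit directly inside the download directory.
        if (!base.equals(target.getParentFile())) {
            throw new IOException("attachment path escapes download directory");
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        File dir = new File(System.getProperty("java.io.tmpdir"), "attachments-demo");
        dir.mkdirs();
        // Constructed sample filenames, not taken from the advisory.
        String[] samples = {
            "photo.jpg", "../../outside.jpg", "..\\..\\outside.jpg",
            "sub/../../outside.jpg", ".."
        };
        for (String s : samples) {
            try {
                System.out.println(s + " -> " + resolveAttachment(dir, s));
            } catch (IOException e) {
                System.out.println(s + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

Every sample either resolves to a file directly inside the demo directory or is rejected, so the write location no longer depends on whether the mail server sanitized the filename.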


MD5 | e8ab0a54dab1528a6ee7935cbb5ea74f

