Summary: This host is installed with TortoiseSVN and is prone to a remote
Impact: Successful exploitation could allow remote attackers to execute
arbitrary code to compromise the target system.
Affected Versions: TortoiseSVN through version 1.12.1.
Technical Details: These vulnerabilities exist:
- The URI handler of TortoiseSVN (Tsvncmd:) allows a customised diff operation on Excel workbooks,
which could be used to open remote workbooks without protection from macro security settings.
- The `tsvncmd:command:diff?path:[file1]?path2:[file2]` will execute a customised diff on [file1]
and [file2] based on the file extension. For xls files, it will execute the script `diff-xls.js`
using wscript, which will open the two files for analysis without any macro security warning.
Recommendations: Update to TortoiseSVN version 1.12.2 or later.
Detection Type: Windows Registry
Solution Type: Vendor Patch
Find and Fix this Vulnerability:
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition