CVE-2019-9847

Title: CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation

Announced: May 8, 2019

Fixed in: 6.1.6/6.2.3

Description:

Before 6.1.6/6.2.3, on Windows and macOS, when a user explicitly activated a hyperlink, no check was made as to whether the target was an executable file, so executable targets were launched unconditionally.

In the fixed versions, such executables are not executed on hyperlink activation.
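The kind of check the description refers to, as an added example rather than the vendor's code: the target is classified before it is handed to the operating system. The extension lists, the platform strings and the `launcher` callable are assumptions made for illustration; the advisory does not state which criteria the fixed versions apply.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed, non-exhaustive lists: the advisory does not state which file
# types the fixed versions treat as executable.
EXECUTABLE_EXTS = {
    "windows": {".exe", ".com", ".bat", ".cmd", ".msi", ".scr", ".vbs", ".lnk"},
    "macos": {".app", ".command"},
}

def local_path_of(target):
    """Return the local path a hyperlink target names, or None if it is not a file."""
    parts = urlsplit(target)
    if parts.scheme == "file":
        return unquote(parts.path)   # decode %2E-style escapes before checking
    if len(parts.scheme) <= 1:       # no scheme, or a drive letter such as "C:"
        return parts.path
    return None                      # http:, mailto: and so on are not local files

def is_executable_target(target, platform):
    """True if the target is a local file whose type is on the assumed list."""
    path = local_path_of(target)
    if path is None:
        return False
    # Stripping a trailing "/" covers directory targets such as macOS .app bundles.
    name = posixpath.basename(path.replace("\\", "/").rstrip("/"))
    if platform == "windows":
        name = name.rstrip(". ")     # Windows ignores trailing dots and spaces
    ext = posixpath.splitext(name)[1].lower()
    return ext in EXECUTABLE_EXTS[platform]

def activate_hyperlink(target, platform, launcher):
    """Pass target to launcher (hypothetical OS-open callable) unless it is executable."""
    if is_executable_target(target, platform):
        return "blocked"
    launcher(target)
    return "opened"

if __name__ == "__main__":
    # Constructed sample targets, not taken from the advisory.
    for t in ["file:///C:/docs/report.pdf", "file:///C:/tmp/setup%2Eexe",
              "C:\\Users\\a\\Tool.EXE", "https://example.org/page.html"]:
        print(t, "->", activate_hyperlink(t, "windows", lambda _t: None))
```
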

Credits:

Thanks to Zhongcheng Li (CK01) of Pox Security Team for reporting this issue.

References:

    CVE-2019-9847