Title: CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation
Announced: May 8, 2019
Fixed in: 6.1.6/6.2.3
Before 6.1.6/6.2.3 under Windows and macOS when processing a hyperlink target explicitly activated by the user there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally.
In the fixed versions, such executables are not executed on hyperlink activation.
Thanks to Zhongcheng Li(CK01) of Pox Security Team for reporting this issue