Google Web Designer Path Traversal Vulnerability Leading to Remote Code Execution
Vulnerability
A path traversal vulnerability has been identified in Google Web Designer's template handling on Windows, in versions prior to 16.3.0.0407. This vulnerability allows an attacker to achieve remote code execution by tricking users into downloading a malicious ad template. The issue arises from improper URL parsing in the application's handling of template metadata, which can be exploited to overwrite arbitrary files and execute malicious payloads on the user's computer.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected user's Windows machine, with the executed code running in the context of the user.
Reproduction
To reproduce this vulnerability, download and extract a malicious ad template ZIP package into Google Web Designer's default template directory. Then, open Google Web Designer and use the 'Use a template' functionality to create a new ad or edit an existing one. The application will download any specified remote assets, including the malicious payload, and execute it the next time the user logs into Windows.
Remediation
Users can update to Google Web Designer version 16.3.0.0407 or later to address this vulnerability.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.