Krajowa Izba Rozliczeniowa Szafir SDK Web SzafirHost Unauthenticated Arbitrary Argument Application Launch Vulnerability
Vulnerability
A vulnerability exists in the Szafir SDK Web browser plugin that allows the SzafirHost application to be launched with arbitrary arguments. This issue affects all versions of Szafir SDK Web prior to 0.0.17.4 and all versions of SzafirHost prior to 1.1.0. An unauthenticated attacker can create a website that triggers the SzafirHost application through the Szafir SDK Web addon. The vulnerability arises because the 'document_base_url' parameter is not validated, so it can be set to an attacker-controlled value. When the application is launched, it can download additional files from the URL the attacker specified. If the victim has previously allowed the application to run for that URL with the 'remember' option, the confirmation prompt is bypassed and the application executes with the attacker's parameters without any user interaction.
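The root cause described above is a missing validation step on the 'document_base_url' parameter, combined with a 'remember' decision that does not tie the stored approval to a trusted origin. The following is an added illustration, not code from Szafir SDK Web or SzafirHost, of the kind of check a browser component should apply before handing such a parameter to a native host: the URL is parsed, restricted to https, stripped of credentials, and matched against an allowlist of origins, and the remembered approval is keyed on the validated origin rather than on the raw string. The allowlist entry, the function names and the prompt callback are assumptions made for the example.

```javascript
// Added example (not Szafir SDK Web or SzafirHost code): validate a
// "document_base_url"-style parameter before launching a native host.
// The allowlisted origin below is a constructed placeholder.
const ALLOWED_ORIGINS = new Set([
  "https://example-signing-portal.test", // constructed placeholder, not a real Szafir origin
]);

// Returns { ok: true, origin } for an acceptable URL, otherwise { ok: false, reason }.
function validateDocumentBaseUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: "unparsable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // Embedded credentials are a common trick to make a URL look like a trusted host.
  if (url.username || url.password) return { ok: false, reason: "userinfo" };
  // Compare the normalized origin (scheme + host + port), not the raw string.
  if (!ALLOWED_ORIGINS.has(url.origin)) return { ok: false, reason: "origin" };
  return { ok: true, origin: url.origin };
}

// Decides whether the host may be launched. The "remember" decision is stored per
// validated origin, so a remembered grant cannot be replayed for an arbitrary URL,
// and an unvalidated URL never reaches the prompt or the launch step at all.
function shouldLaunchHost(raw, rememberedOrigins, askUser) {
  const v = validateDocumentBaseUrl(raw);
  if (!v.ok) return { launch: false, prompted: false, reason: v.reason };
  if (rememberedOrigins.has(v.origin)) {
    return { launch: true, prompted: false, origin: v.origin };
  }
  const approved = askUser(v.origin); // hypothetical UI prompt callback
  if (approved) rememberedOrigins.add(v.origin);
  return { launch: approved, prompted: true, origin: v.origin };
}

// Usage: a remembered approval for the allowlisted origin skips the prompt on a
// second request, while an unrelated origin is rejected before any prompt.
const remembered = new Set();
shouldLaunchHost("https://example-signing-portal.test/sign?id=1", remembered, () => true);
shouldLaunchHost("https://example-signing-portal.test/sign?id=2", remembered, () => true);
shouldLaunchHost("https://not-on-the-list.test/", remembered, () => true);
```

The important design point is the order of operations: validation happens first, the prompt and the remembered grant both operate on the validated origin, and nothing derived from the raw parameter is forwarded to the host unless it has passed the allowlist.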
Impact
Exploitation of this vulnerability allows for the unauthorized launch of the SzafirHost application with arbitrary arguments, potentially leading to the download and execution of malicious files from the attacker's specified URL.
Remediation
Users can update to Szafir SDK Web version 0.0.17.4 or later to address this vulnerability. For SzafirHost, the application should be updated to version 1.1.0 or later.
