Hi Friend,

I discovered security vulnerabilities in Kleopatra, tested on Kleopatra Version 3.1.8-gpg4win-3.1.10, latest update.

#Summary:
- Unquoted program path in Kleopatra allows local users to execute arbitrary code, via execution and from a compromised folder.

#Description
- Kleopatra allows local users to execute arbitrary code. If the file C:\program.exe exists, it will be executed.

#Steps to Reproduce:
1. Copy an exe file to C:\program.exe
2. Right-click on the file and choose Encrypt/Decrypt.
3. C:\program.exe will be executed.

#Impact:
- I tested on Kleopatra Version 3.1.8-gpg4win-3.1.10.

PoC
[image: image.png]

Thanks and Best regards,
#hoangcuongflp
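An audit check for the class of bug reported above, added here as an example; it is not code from the report or from the Gpg4win project. It follows the documented Windows `CreateProcess` rule for an unquoted command line (each space-delimited prefix is tried in turn, with `.exe` appended when the name has no extension). The handler names and install paths in the sample are constructed assumptions, not Kleopatra's actual registration.

```python
import ntpath

# Extensions treated as "this prefix is the intended program" (heuristic).
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd")

def earlier_candidates(command):
    """Paths Windows would try before the intended executable when
    `command` is launched without quotes around the program path."""
    command = command.strip()
    if command.startswith('"'):
        return []  # quoted: the program name ends at the closing quote
    candidates = []
    pos = command.find(" ")
    while pos != -1:
        prefix = command[:pos]
        if prefix.lower().endswith(EXEC_EXTS):
            return candidates  # intended program reached; the rest are arguments
        name = ntpath.basename(prefix)
        # ".exe" is appended only when the file name has no extension
        candidates.append(prefix if "." in name else prefix + ".exe")
        pos = command.find(" ", pos + 1)
    return candidates

def audit(handlers):
    """Map handler name -> earlier candidates, for ambiguous commands only."""
    flagged = {}
    for name, command in handlers.items():
        found = earlier_candidates(command)
        if found:
            flagged[name] = found
    return flagged

# Constructed sample: context-menu style commands with an assumed install path.
SAMPLE_HANDLERS = {
    "encrypt-unquoted": r'C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe --encrypt "%1"',
    "encrypt-quoted": r'"C:\Program Files (x86)\Gpg4win\bin\kleopatra.exe" --encrypt "%1"',
    "no-space-path": r'C:\Tools\viewer.exe "%1"',
}

if __name__ == "__main__":
    for handler, paths in audit(SAMPLE_HANDLERS).items():
        print(handler, "is ambiguous; quote the program path. Tried first:")
        for p in paths:
            print("   ", p)
```

Any handler it flags should have its program path wrapped in double quotes, and the listed locations should not be writable by unprivileged users.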