CVE-2017-11197
Description
In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- CyberArk/Viewfinity
- Range: >=5.5.10.95, <6.1.1.220
Patches
Vulnerability mechanics
Root cause
The Viewfinity "add printer" dialog does not restrict file browsing to printer-related paths, allowing a low-privilege user to launch arbitrary executables with elevated privileges.
Attack vector
A low-privilege user opens the Viewfinity Control Panel from the system tray, clicks "Add Printer," and navigates through the printer-add wizard. When prompted to browse for a shared printer, the user types "C:\windows\system32\cmd.exe" directly into the file browser window and presses Enter [ref_id=1]. This spawns a command prompt running with administrative privileges, bypassing the intended access controls [ref_id=1].
Affected code
The vulnerability resides in the "add printer" functionality of the Viewfinity Control Panel. The file browser dialog within the printer-add wizard does not restrict navigation to printer-related paths, allowing the user to browse the entire filesystem [ref_id=1]. No specific source files or function names are identified in the available references.
What the fix does
The vendor addressed this vulnerability in Viewfinity agent version 6.1.1.220 [ref_id=1]. No patch diff is available in the bundle, but the fix presumably restricts the file browser within the "add printer" wizard to only allow selection of printer-related paths or executables, preventing arbitrary program execution. Users should upgrade to v6.1.1.220 or later to remediate the issue [ref_id=1].
Preconditions
- auth: Attacker must have a low-privilege user account on a Windows system running CyberArk Viewfinity 5.5.10.95 or 6.x before 6.1.1.220
- config: Viewfinity agent must be running and the system tray icon must be accessible to the low-privilege user
- input: Attacker must have interactive desktop access to open the Viewfinity Control Panel and navigate the printer-add wizard
Reproduction
1. Right-click the Viewfinity system tray icon and select "Open Viewfinity Control Panel..."
2. Click "Add Printer"
3. Click "Add a network, wireless or Bluetooth printer"
4. Click "The printer that I want isn't listed"
5. Click "Select a shared printer by name"
6. Click the "Browse..." icon
7. In the browser window, type "C:\windows\system32\cmd.exe" and press Enter
8. A command prompt opens with administrative privileges; verify with "net session" [ref_id=1].
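One way to look for the outcome of these steps in process-creation logs, as an added example that is not part of the CVE record: it flags a shell running at High or System integrity under an account expected to be a standard user, and collects the commands later run from that shell. Field names follow Windows Security event 4688; the user list, host names, sample events and the placeholder parent path are constructed, and it is an assumption that the elevated shell is logged under the low-privilege user's own account.

```python
# Added example (not from the CVE record): find shells running at High/System
# integrity under accounts expected to be standard users, using process-creation
# records normalized from Windows Security event 4688.
SHELLS = {"cmd.exe", "powershell.exe"}
ELEVATED = {"S-1-16-12288": "High", "S-1-16-16384": "System"}  # integrity-level SIDs
STANDARD_USERS = {"jdoe", "asmith"}  # assumption: exported from directory groups

def ev(host, user, pid, ppid, image, label, cmdline, parent):
    return {"Computer": host, "SubjectUserName": user, "NewProcessId": pid,
            "ProcessId": ppid, "NewProcessName": image, "MandatoryLabel": label,
            "CommandLine": cmdline, "ParentProcessName": parent}

# Constructed sample events; the dialog-host path is a placeholder, not a real path.
HOST_DLG = r"C:\PLACEHOLDER\printer-dialog-host.exe"
CMD = r"C:\Windows\System32\cmd.exe"
EVENTS = [
    ev("WS-014", "jdoe", "0x1a2c", "0x0b10", CMD, "S-1-16-12288", CMD, HOST_DLG),
    ev("WS-014", "jdoe", "0x1f00", "0x1a2c", r"C:\Windows\System32\net.exe",
       "S-1-16-12288", "net session", CMD),
    ev("WS-014", "jdoe", "0x2200", "0x0900", CMD, "S-1-16-8192", "cmd.exe",
       r"C:\Windows\explorer.exe"),
    ev("WS-020", "itadmin", "0x0c44", "0x0700", CMD, "S-1-16-12288", "cmd.exe",
       r"C:\Windows\explorer.exe"),
]

def image_name(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def find_elevated_shells(events, standard_users=STANDARD_USERS):
    """Return one finding per elevated shell, with commands later run from it."""
    findings = {}
    for e in events:  # events are assumed to be in chronological order
        parent = findings.get((e["Computer"], e["ProcessId"]))
        if parent is not None:
            parent["child_commands"].append(e["CommandLine"])
        level = ELEVATED.get(e["MandatoryLabel"])
        if (level and image_name(e["NewProcessName"]) in SHELLS
                and e["SubjectUserName"].lower() in standard_users):
            findings[(e["Computer"], e["NewProcessId"])] = {
                "host": e["Computer"], "user": e["SubjectUserName"],
                "integrity": level, "parent": e["ParentProcessName"],
                "child_commands": []}
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_elevated_shells(EVENTS):
        print(finding)
```

Process IDs are reused over time, so a production version would also bound the parent/child match by time window or logon session.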
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References