CVEs-PoC/2021/CVE-2021-37617.md

### [CVE-2021-37617](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37617)
![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-426%3A%20Untrusted%20Search%20Path&color=brighgreen)

### Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the `Uninstall.exe` file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious `Uninstall.exe`, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the `C:\` system folder and verify that there is no malicious `C:\Uninstall.exe` file on the system.

### POC

#### Reference
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v

#### Github
No PoCs found on GitHub currently.