Dropbox Information for VU#894897

NSIS Inetc plug-in fails to validate SSL certificates

Status

Affected

Vendor Statement

Dropbox patched its service within hours of notification, and the fix went live on March 4, 2015. All Dropbox clients are safe, and there is no evidence to indicate the vulnerability was ever exploited. Users are not vulnerable and don't need to take any action.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

None

Addendum

Dropbox 3.2.9 addresses this issue by performing additional validation of downloaded files.

If you have feedback, comments, or additional information about this vulnerability, please send us email.