HIGH🇬🇧 English

CVE-2023-34642

CVSS 7.8v3.1pub. 2023-06-19upd. 2024-12-12

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Kioware

    APP
    Kioware
    ≤ 8.33
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2024-3459HIGH8.4ten sam produkt

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, whi...

CVE-2024-3460HIGH7.4ten sam produkt

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already ...

CVE-2023-34641HIGH7.8ten sam produkt

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...

CVE-2024-3461MEDIUM6.2ten sam produkt

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the appli...

CVE-2022-44875MEDIUM5.4ten sam produkt

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which...