HIGH🇵🇱 Wersja polska

CVE-2024-3459

CVSS 8.4v3.1pub. 2024-05-14upd. 2025-02-12

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Kioware

    APP
    Kioware
    ≤ 8.34
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-3460HIGH7.4ten sam produkt

In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already ...

CVE-2023-34641HIGH7.8ten sam produkt

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...

CVE-2023-34642HIGH7.8ten sam produkt

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog ...

CVE-2024-3461MEDIUM6.2ten sam produkt

KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the appli...

CVE-2022-44875MEDIUM5.4ten sam produkt

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which...