Описание
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
Ссылки
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 6.1 (включая)Версия до 1.0 (включая)
Одно из
cpe:2.3:a:primx:zed\!:*:*:*:*:*:*:*:*
cpe:2.3:a:primx:zed\!_free:*:*:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02277
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
A directory traversal vulnerability with remote code execution in Prim'X Zed! FREE through 1.0 build 186 and Zed! Limited Edition through 6.1 build 2208 allows creation of arbitrary files on a user's workstation using crafted ZED! containers because the watermark loading function can place an executable file into a Startup folder.
EPSS
Процентиль: 84%
0.02277
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-22