Описание
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 2022-2.1 (включая)
cpe:2.3:a:inosoft:visiwin_7:*:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00094
Низкий
7.8 High
CVSS3
Дефекты
CWE-276
CWE-276
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.
EPSS
Процентиль: 27%
0.00094
Низкий
7.8 High
CVSS3
Дефекты
CWE-276
CWE-276