Описание
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
Ссылки
- Broken Link
- Release Notes
- Broken Link
- Release Notes
Уязвимые конфигурации
Конфигурация 1Версия до 8.33 (включая)
cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*
EPSS
Процентиль: 20%
0.00064
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-78
Связанные уязвимости
CVSS3: 7.8
github
больше 2 лет назад
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
EPSS
Процентиль: 20%
0.00064
Низкий
7.8 High
CVSS3
Дефекты
NVD-CWE-noinfo
CWE-78