Описание
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:a:4d:4d:19:r8:*:*:*:*:*:*
cpe:2.3:a:4d:server:19:r8:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 38%
0.00164
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427
Связанные уязвимости
CVSS3: 6.5
github
около 2 лет назад
An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
EPSS
Процентиль: 38%
0.00164
Низкий
6.5 Medium
CVSS3
7.8 High
CVSS3
Дефекты
CWE-427