CVE-2024-3459
8.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Kioware | Kioware | 0 <= 8.34 | affected |
Weaknesses
- CWE-424: CWE-424 Improper Protection of Alternate Path
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
- https://cert.pl/posts/2024/04/CVE-2024-3459
- https://cert.pl/en/posts/2024/04/CVE-2024-3459
- https://www.kioware.com/
References
- https://cert.pl/posts/2024/04/CVE-2024-3459
- https://cert.pl/en/posts/2024/04/CVE-2024-3459
- https://www.kioware.com/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.