Zip File Processing Vulnerability in Software by Vendor
CVE-2023-3314

8.1HIGH

Key Information:

Vendor: Trellix
Status: Enterprise Security Manager
Vendor: CVE Published:; 3 July 2023

Summary

A vulnerability exists due to insufficient sanitization during the processing of zip files. This flaw permits an authorized user to exploit the .zip application, potentially executing arbitrary commands or elevating system privileges by manipulating external commands. Ensuring adequate validation and input sanitization is crucial for protecting against such security risks.

Affected Version(s)

Enterprise Security Manager Windows 11.6.3

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 3, 2023
Vulnerability Reserved
Jun 19, 2023

Credit

Andre Waldhoff (condignum GmbH)

Johannes Bär (condignum GmbH)