Incomplete Blacklist Filter in KioWare for Windows by KioWare Technologies
CVE-2023-34641

7.8HIGH

Key Information:

Vendor: Kioware
Status: Kioware
Vendor: CVE Published:; 19 June 2023

What is CVE-2023-34641?

KioWare for Windows, up to version 8.33, has a vulnerability due to an incomplete blacklist filter for blocked dialog boxes. This weakness allows attackers to exploit the window.print() function to open a file dialog box, potentially leading to the execution of unprivileged command prompts. This could enable malicious activities on the affected systems, stressing the importance of updating to secure versions.

References

https://www.kioware.com/versionhistory.aspx?pid=15

https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE...

https://github.com/huntergregal/CVE/tree/main/CVE-2023-34641

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Jun 7, 2023

Kioware

What is CVE-2023-34641?

References

CVSS V3.1

Timeline