Incomplete Blacklist Filter in KioWare for Windows Affects User Security
CVE-2023-34642

7.8HIGH

Key Information:

Vendor: Kioware
Status: Kioware
Vendor: CVE Published:; 19 June 2023

What is CVE-2023-34642?

KioWare for Windows, up to version 8.33, is affected by a security vulnerability due to an incomplete blacklist filter for blocked dialog boxes. This flaw permits attackers to trigger the showDirectoryPicker() function, which maliciously invokes a file dialog box. This functionality could be exploited to open an unprivileged command prompt, potentially leading to unauthorized access and manipulation of the system.

References

https://www.kioware.com/versionhistory.aspx?pid=15

https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE...

https://github.com/huntergregal/CVE/tree/main/CVE-2023-34642

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2023
Vulnerability Reserved
Jun 7, 2023

Kioware

What is CVE-2023-34642?

References

CVSS V3.1

Timeline