Uncontrolled Search Path Element Remote Code Execution Vulnerability
CVE-2023-44437

7.8HIGH

Key Information:

Vendor: Ashlar-vellum
Status: Cobalt
Vendor: CVE Published:; 3 May 2024

Summary

Ashlar-Vellum Cobalt contains a vulnerability that enables remote attackers to execute arbitrary code on installations of the software. This issue arises when the application processes certain file types, leading to the loading of a library from an unsecured location. A successful exploitation requires the user to visit a malicious webpage or to open a compromised file. Attackers can take advantage of this vulnerability to execute code within the context of the affected process, posing a significant security risk.

Affected Version(s)

Cobalt Cobalt v12 Beta Build 1204.67

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1595/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023