Remote Code Execution Vulnerability in Ashlar-Vellum Argon
CVE-2023-44438

7.8HIGH

Key Information:

Vendor: Ashlar-vellum
Status: Argon
Vendor: CVE Published:; 3 May 2024

Summary

A vulnerability exists in Ashlar-Vellum Argon due to an improper search path element that can be exploited by remote attackers. The flaw lies within the parsing mechanism of various file types, where the application loads a library from an unsecured location. This compromise allows an attacker to run arbitrary code within the context of the current process, contingent upon user interaction to activate the exploit through visiting a malicious webpage or opening an infected file.

Affected Version(s)

Argon Argon v12 Beta Build 1204.68

References

https://www.zerodayinitiative.com/advisories/ZDI-23-1596/

x_research-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 3, 2024
Vulnerability Reserved
Sep 28, 2023