Topaz OFD Protection Module Warsaw core.exe unquoted search path
CVE-2023-5012

7.8HIGH

Key Information:

Vendor: Topaz
Status: OFD
Vendor: CVE Published:; 16 September 2023

What is CVE-2023-5012?

A problematic vulnerability exists in Topaz OFD, particularly in the Protection Module Warsaw component. It specifically concerns the file located at C:\Program Files\Topaz OFD\Warsaw\core.exe. The issue arises due to an unquoted search path, which potentially allows local attackers to exploit this vulnerability. To mitigate this risk, immediate upgrading to version 2.12.0.259 is recommended as it resolves this security concern.

Affected Version(s)

OFD 2.11.0.201

References

https://vuldb.com/?id.239853

vdb-entrytechnical-description

https://vuldb.com/?ctiid.239853

signature

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2023
Vulnerability Reserved
Sep 16, 2023

Credit

_Phx (VulDB User)

CVE-2023-5012 Data

JSON