Arbitrary Code Execution Vulnerability in Winhex
CVE-2023-6361

7.3HIGH

Key Information:

Vendor

Winhex

Status
Vendor
CVE Published:
7 October 2024

What is CVE-2023-6361?

A buffer overflow vulnerability has been identified in Winhex, specifically affecting versions 16.1 SR-1 and 20.4. This flaw allows unauthorized control over the Structured Exception Handler (SEH) registers, which can potentially enable attackers to execute arbitrary code by exploiting excessively long filename arguments. Such an exploit could compromise the security of affected systems, highlighting the importance of timely updates and monitoring for this vulnerability.

Affected Version(s)

WinHex 16.1 SR-1

WinHex 20.4

References

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafael Pedrero
.