Uncontrolled Search Path Vulnerability in OpenSight Software FlashFXP
CVE-2024-10068

7.8 HIGH

Key Information:

Status
Vendor
CVE Published: 17 October 2024

Summary

OpenSight Software's FlashFXP version 5.4.0.3970 contains an uncontrolled search path vulnerability involving the library file libcrypto-1_1.dll. The flaw lets an attacker influence which DLL file the application loads, and it can be exploited locally. The exact affected function within the software is not disclosed, but the implications are significant: a malicious actor could compromise the application's integrity. The vendor was notified early about this vulnerability, but no response has been recorded, leaving users at risk. Users of FlashFXP should be aware of this vulnerability and consider implementing protective measures.
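One protective check, as an added example that is not part of the original advisory or the vendor's code: this Python script reports copies of libcrypto-1_1.dll found outside the FlashFXP install directory and whether they differ from the installed copy. The advisory does not name the affected directory, so the install path and the list of directories to audit are assumptions supplied by the caller, and the demo runs on constructed temporary folders.

```python
import hashlib
import os
import tempfile
from pathlib import Path

DLL_NAME = "libcrypto-1_1.dll"  # library named in the advisory


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_search_path(install_dir, search_dirs, dll_name=DLL_NAME):
    """Report copies of dll_name outside install_dir (assumed trusted location)."""
    install_dir = Path(install_dir).resolve()
    trusted = install_dir / dll_name
    trusted_hash = sha256_of(trusted) if trusted.is_file() else None
    findings, seen = [], set()
    for d in search_dirs:  # e.g. working directory and PATH entries (caller's choice)
        d = Path(d).resolve()
        if d == install_dir or d in seen or not d.is_dir():
            continue
        seen.add(d)
        for entry in d.iterdir():  # compare names case-insensitively, as Windows does
            if entry.is_file() and entry.name.lower() == dll_name.lower():
                findings.append({
                    "path": str(entry),
                    "matches_trusted": sha256_of(entry) == trusted_hash,
                    "dir_writable": os.access(d, os.W_OK),
                })
    return findings


def demo():
    # Constructed sample layout: temporary folders stand in for real directories.
    with tempfile.TemporaryDirectory() as root:
        app, work, clean = (Path(root) / n for n in ("app", "work", "clean"))
        for p in (app, work, clean):
            p.mkdir()
        (app / DLL_NAME).write_bytes(b"vendor build")
        (work / "LIBCRYPTO-1_1.DLL").write_bytes(b"unexpected copy")
        return audit_search_path(app, [app, work, clean, Path(root) / "missing"])


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, pass the actual install directory and the directories to audit, such as `os.environ["PATH"].split(os.pathsep)`; any finding with `matches_trusted` set to `False` warrants investigation.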

Affected Version(s)

FlashFXP 5.4.0.3970

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

tfhm (VulDB User)