Remote Code Execution Vulnerability in Wanxing Technology's Yitu Project Management Software
CVE-2024-24122

3.3LOW

Key Information:

Vendor: Wondershare
Status: Edraw
Vendor: CVE Published:; 2 October 2024

🔔 Create Wondershare Vulnerability Alert

What is CVE-2024-24122?

The vulnerability in Wanxing Technology's Yitu Project Management Software allows for remote code execution. Attackers can leverage the exp.adpx file as a zip compressed file, crafting a specific file name that enables them to decompress the project file into the system startup folder. Upon system restart, this can lead to the automatic execution of a malicious script embedded within the file, posing significant risks to system integrity and security.

References

https://github.com/zty007666/Shenzhen-Yitu-Software-Yitu-...

https://gist.github.com/zty-1995/effed155177edd7b22fdf2c0...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 2, 2024
Vulnerability Reserved
Jan 25, 2024