Vulnerability Allows Escape from Environment via PDF Files

CVE-2024-3459

8.4HIGH

Key Information

Vendor: Kioware
Status: Kioware
Vendor: CVE Published:; 14 May 2024

Summary

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.

Affected Version(s)

Kioware <= 8.34

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
May 14, 2024
Vulnerability Reserved.
Apr 8, 2024

Collectors

NVD DatabaseMitre Database

Credit

Maksymilian Kubiak [Afine Team]