Uncontrolled Search Path Vulnerability Affects IObit DualSafe Password Manager
CVE-2024-7326

7.8HIGH

Key Information:

Vendor: IObit
Status: Dualsafe Password Manager
Vendor: CVE Published:; 31 July 2024

What is CVE-2024-7326?

A vulnerability present in IObit DualSafe Password Manager version 1.4.0.3 pertains to the library RTL120.BPL within the BPL Handler component. This issue arises from an uncontrolled search path manipulation which can be exploited locally. Such vulnerabilities pose significant risks, allowing malicious entities to manipulate search paths, potentially leading to unauthorized access or execution of harmful code. IObit was notified regarding this vulnerability yet failed to provide a response, highlighting the need for urgent attention in mitigating associated risks.

References

https://vuldb.com/?id.273249

https://vuldb.com/?ctiid.273249

https://vuldb.com/?submit.378150

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2024