Uncontrolled Search Path Vulnerability in Scooter Software Beyond Compare
CVE-2024-7886

7.8 HIGH

Key Information:

Vendor
Scooter Software
Status
Beyond Compare
Vendor
CVE Published: 16 August 2024

Summary

A newly identified uncontrolled search path vulnerability exists in Scooter Software's Beyond Compare, tied to the library 7zxa.dll and affecting versions up to 3.3.5.15075. The uncontrolled search path can potentially lead to malicious manipulation once an attacker has already breached the system; local access is a prerequisite for exploitation. The real-world impact of this vulnerability is still under scrutiny, but it presents potential risks that users of the affected software should address promptly. Regular updates and awareness can help safeguard against exploitation.

Affected Version(s)

Beyond Compare 3.3.5.15075

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

Collectors

NVD Database, Mitre Database

Credit

tfhm (VulDB User)