Critical Vulnerability in Beyond Compare Could Lead to Uncontrolled Search Path

CVE-2024-7886

7.8HIGH

Key Information

Vendor: Scooter Software
Status: Beyond Compare
Vendor: CVE Published:; 16 August 2024

Summary

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. NOTE: The vendor explains that a system must be breached before exploiting this issue.

Affected Version(s)

Beyond Compare = 3.3.5.15075

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 7.8 - (HIGH)
Aug 17, 2024
VulDB entry last update
Aug 16, 2024
VulDB entry created
Aug 16, 2024
Advisory disclosed
Aug 16, 2024
Vulnerability published.
Aug 16, 2024

Collectors

NVD DatabaseMitre Database

Credit

tfhm (VulDB User)