Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
References
Link | Resource |
---|---|
https://jvn.jp/en/jp/JVN01937209/ | Third Party Advisory |
https://line.worksmobile.com/jp/release-notes/20230216/ | Release Notes |
https://jvn.jp/en/jp/JVN01937209/ | Third Party Advisory |
https://line.worksmobile.com/jp/release-notes/20230216/ | Release Notes |
Configurations
History
21 Nov 2024, 07:50
Type | Values Removed | Values Added |
---|---|---|
References | () https://jvn.jp/en/jp/JVN01937209/ - Third Party Advisory | |
References | () https://line.worksmobile.com/jp/release-notes/20230216/ - Release Notes |
30 May 2023, 22:18
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 | |
CPE | cpe:2.3:a:worksmobile:drive_explorer:*:*:*:*:*:macos:*:* | |
First Time |
Worksmobile
Worksmobile drive Explorer |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) https://line.worksmobile.com/jp/release-notes/20230216/ - Release Notes | |
References | (MISC) https://jvn.jp/en/jp/JVN01937209/ - Third Party Advisory |
Information
Published : 2023-05-23 02:15
Updated : 2024-11-21 07:50
NVD link : CVE-2023-25953
Mitre link : CVE-2023-25953
CVE.ORG link : CVE-2023-25953
JSON object : View
Products Affected
worksmobile
- drive_explorer
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')