CVE-2023-25953

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
Configurations

Configuration 1 (hide)

cpe:2.3:a:worksmobile:drive_explorer:*:*:*:*:*:macos:*:*

History

21 Nov 2024, 07:50

Type Values Removed Values Added
References () https://jvn.jp/en/jp/JVN01937209/ - Third Party Advisory () https://jvn.jp/en/jp/JVN01937209/ - Third Party Advisory
References () https://line.worksmobile.com/jp/release-notes/20230216/ - Release Notes () https://line.worksmobile.com/jp/release-notes/20230216/ - Release Notes

30 May 2023, 22:18

Type Values Removed Values Added
CWE CWE-94
CPE cpe:2.3:a:worksmobile:drive_explorer:*:*:*:*:*:macos:*:*
First Time Worksmobile
Worksmobile drive Explorer
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
References (MISC) https://line.worksmobile.com/jp/release-notes/20230216/ - (MISC) https://line.worksmobile.com/jp/release-notes/20230216/ - Release Notes
References (MISC) https://jvn.jp/en/jp/JVN01937209/ - (MISC) https://jvn.jp/en/jp/JVN01937209/ - Third Party Advisory

Information

Published : 2023-05-23 02:15

Updated : 2024-11-21 07:50


NVD link : CVE-2023-25953

Mitre link : CVE-2023-25953

CVE.ORG link : CVE-2023-25953


JSON object : View

Products Affected

worksmobile

  • drive_explorer
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')