CVE-2023-4770

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:4d:4d:19:r8:*:*:*:*:*:*
cpe:2.3:a:4d:server:19:r8:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

06 Dec 2023, 17:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
First Time 4d
Microsoft
4d 4d
4d server
Microsoft windows
CPE cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
cpe:2.3:a:4d:server:19:r8:*:*:*:*:*:*
cpe:2.3:a:4d:4d:19:r8:*:*:*:*:*:*
References () https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-serverĀ - () https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-serverĀ - Third Party Advisory

30 Nov 2023, 14:48

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-30 14:15

Updated : 2024-02-28 20:54


NVD link : CVE-2023-4770

Mitre link : CVE-2023-4770

CVE.ORG link : CVE-2023-4770


JSON object : View

Products Affected

4d

  • server
  • 4d

microsoft

  • windows
CWE
CWE-427

Uncontrolled Search Path Element