CVE-2024-3459

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.

CVSS v3 8.4 HIGH

8.4^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://cert.pl/en/posts/2024/04/CVE-2024-3459
https://cert.pl/posts/2024/04/CVE-2024-3459
https://www.kioware.com/
https://cert.pl/en/posts/2024/04/CVE-2024-3459
https://cert.pl/posts/2024/04/CVE-2024-3459
https://www.kioware.com/

Configurations

No configuration.

History

21 Nov 2024, 09:29

Type	Values Removed	Values Added
References	~~() https://cert.pl/en/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/en/posts/2024/04/CVE-2024-3459 -
References	~~() https://cert.pl/posts/2024/04/CVE-2024-3459 -~~	() https://cert.pl/posts/2024/04/CVE-2024-3459 -
References	~~() https://www.kioware.com/ -~~	() https://www.kioware.com/ -
Summary		(es) KioWare para Windows (versiones hasta 8.34) permite escapar del entorno descargando archivos PDF, que luego se abren de forma predeterminada en un visor de PDF externo. Al utilizar las funciones integradas de ese visor, es posible iniciar un navegador web, buscar en archivos locales y, posteriormente, iniciar cualquier programa con privilegios de usuario.

14 May 2024, 15:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 15:41

Updated : 2024-11-21 09:29

NVD link : CVE-2024-3459

Mitre link : CVE-2024-3459

CVE.ORG link : CVE-2024-3459

JSON object : View

Products Affected

No product.

CWE

CWE-424

Improper Protection of Alternate Path

8.4 /10