Awaiting Analysis
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Products
KioWare for Windows
- through 8.34
Source
cvd@cert.pl
Tags
CVE-2024-3459 details
Published : May 14, 2024, 3:41 p.m.
Last Modified : May 14, 2024, 4:11 p.m.
Last Modified : May 14, 2024, 4:11 p.m.
Description
KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.4 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.4
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://cert.pl/en/posts/2024/04/CVE-2024-3459 | cvd@cert.pl |
| https://cert.pl/posts/2024/04/CVE-2024-3459 | cvd@cert.pl |
| https://www.kioware.com/ | cvd@cert.pl |
This website uses the NVD API, but is not approved or certified by it.