PT-2023-24964 · Microsoft · Windows 10

Bitk

Publicado

2023-06-19

Atualizado

2024-12-12

CVE-2023-34642

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions KioWare for Windows versions through 8.33

Description The issue is related to an incomplete blacklist filter for blocked dialog boxes on Windows 10, allowing attackers to open a file dialog box via the showDirectoryPicker() function. This can then be used to open an unprivileged command prompt.

Recommendations For versions through 8.33, consider disabling the showDirectoryPicker() function as a temporary workaround until a patch is available. Restrict access to blocked dialog boxes to minimize the risk of exploitation.

Exploit

Correção

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-78

Identificadores relacionados

CVE-2023-34642

Produtos afetados

Windows 10

PT-2023-24964 · Microsoft · Windows 10

CVE-2023-34642

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9