PT-2023-26382 · Minitool · Minitool Movie Maker

0Dr3F

Publicado

2023-09-19

Atualizado

2023-10-13

CVE-2023-38355

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MiniTool Movie Maker versions 6.1.0 through 7.0

Description The issue is related to an insecure installation process in MiniTool Movie Maker, which allows attackers to achieve remote code execution through a man-in-the-middle attack.

Recommendations For MiniTool Movie Maker version 6.1.0, update to a version later than 7.0 to resolve the issue. For MiniTool Movie Maker version 7.0, update to a version later than 7.0 to resolve the issue. As a temporary workaround, consider restricting network access during the installation process to minimize the risk of exploitation.

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

CVE-2023-38355

Produtos afetados

Minitool Movie Maker

PT-2023-26382 · Minitool · Minitool Movie Maker

CVE-2023-38355

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7