PT-2023-32802 · Peazip · Peazip

Tfhm

·

Publicado

2023-12-17

·

Atualizado

2024-05-17

·

CVE-2023-6891

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PeaZip versions 9.4.0
Description A vulnerability has been found in the library dragdropfilesdll.dll of the component Library Handler, leading to uncontrolled search path. The manipulation can be exploited locally. Upgrading to version 9.6.0 is able to address this issue.
Recommendations For PeaZip version 9.4.0, upgrade to version 9.6.0 to address the issue. As a temporary workaround, consider restricting access to the dragdropfilesdll.dll library until the update is applied.

Correção

Uncontrolled Search Path Element

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-427

Identificadores relacionados

CVE-2023-6891

Produtos afetados

Peazip