PT-2023-6857 · Elecom · Elecom Camera Assistant

Tomohisa Hasegawa

Publicado

2023-02-14

Atualizado

2025-03-19

CVE-2023-22368

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ELECOM Camera Assistant version 1.00 QuickFileDealer versions 1.2.1 and earlier

Description The issue is related to an untrusted search path vulnerability. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

Recommendations For ELECOM Camera Assistant version 1.00, update to a version that fixes the untrusted search path vulnerability. For QuickFileDealer versions 1.2.1 and earlier, update to a version that fixes the untrusted search path vulnerability. As a temporary workaround, consider restricting access to directories where a Trojan horse DLL could be placed to minimize the risk of exploitation.

Correção

Untrusted Search Path

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-426

Identificadores relacionados

BDU:2023-07869

CVE-2023-22368

Produtos afetados

Elecom Camera Assistant

PT-2023-6857 · Elecom · Elecom Camera Assistant

CVE-2023-22368

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8