PT-2022-18268 · Revoworks · Revoworks Browser+2

Published: 2022-06-14 · Updated: 2022-06-27 · CVE-2022-27176

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RevoWorks SCVX versions 1.043 and prior
RevoWorks Browser versions 2.2.67 and prior
RevoWorks Desktop versions 2.1.84 and prior

Description

The issue is related to incomplete filtering of special elements, which may allow an attacker to execute a malicious macro. This can be achieved by having a user download, import, and open a specially crafted file in the local environment. The vulnerability exists when using the 'File Sanitization Library' in RevoWorks SCVX, or the 'File Sanitization Option' in RevoWorks Browser and RevoWorks Desktop.

Recommendations

For RevoWorks SCVX versions 1.043 and prior, consider disabling the 'File Sanitization Library' until a patch is available.
For RevoWorks Browser versions 2.2.67 and prior, restrict the use of the 'File Sanitization Option' to minimize the risk of exploitation.
For RevoWorks Desktop versions 2.1.84 and prior, avoid using the 'File Sanitization Option' in the affected environment until the issue is resolved.

Fix


Related Identifiers

CVE-2022-27176

Affected Products

Revoworks Browser
Revoworks Desktop
Revoworks Scvx