CVE-2023-49147

Name of the Vulnerable Software and Affected Versions PDF24 Creator version 11.14.0

Description An issue was discovered in the configuration of the msi installer file of PDF24 Creator, which produces a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions, such as an oplock on faxPrnInst.log, to open a SYSTEM cmd.exe. The issue can be exploited for Windows privilege escalation via an oplock on a privileged read.

Recommendations For PDF24 Creator version 11.14.0, as a temporary workaround, consider restricting access to the repair function of msiexec.exe to minimize the risk of exploitation. Additionally, avoid using the oplock on faxPrnInst.log until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.