PT-2024-16003 · Opensight · Flashfxp

Tfhm

Published: 2024-10-17
Updated: 2024-10-22
CVE-2024-10068

CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
OpenSight Software FlashFXP version 5.4.0.3970

Description
A critical issue was found in the library libcrypto-1_1.dll of the file FlashFXP.exe, affecting an unknown function. It leads to an uncontrolled search path. The attack requires local access, and the exploit has been disclosed to the public. The vendor was contacted about this disclosure but did not respond.

Recommendations
As a temporary workaround, consider restricting access to the library libcrypto-1_1.dll to minimize the risk of exploitation. Review file permissions to mitigate the risk of local exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
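
One way to carry out the permission review recommended above, as an added example that is not part of the original advisory: it lists allow-ACEs that give principals other than SYSTEM, Administrators and TrustedInstaller write-type rights on the install folder and on the DLL. The install path is a placeholder, the DLL is assumed to sit in that folder, and the trusted-principal list is an assumption to adjust locally.

```powershell
param(
    [string]$InstallDir = 'C:\Path\To\FlashFXP',  # placeholder: set to the real install folder
    [string]$DllName    = 'libcrypto-1_1.dll'     # library named in the advisory
)

# Assumption: only these SIDs are trusted writers (SYSTEM, Administrators, TrustedInstaller).
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Bits that allow planting or replacing a file; Modify and FullControl contain them.
$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = [int]$fsr::WriteData -bor [int]$fsr::AppendData -bor [int]$fsr::Delete -bor
        [int]$fsr::DeleteSubdirectoriesAndFiles -bor [int]$fsr::ChangePermissions -bor
        [int]$fsr::TakeOwnership
# GENERIC_ALL / GENERIC_WRITE show up unmapped in some inherited ACEs.
$mask = $mask -bor 0x10000000 -bor 0x40000000

function Get-RiskyAce {
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the comparison does not depend on localized account names.
    foreach ($ace in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($trusted -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $mask) -eq 0) { continue }
        try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $ace.IdentityReference.Value }   # SID that no longer resolves
        [pscustomobject]@{
            Path      = $Path
            Principal = $name
            Rights    = $ace.FileSystemRights
            Inherited = $ace.IsInherited
        }
    }
}

# Check the folder (where a file could be dropped) and the DLL itself (which could be replaced).
$targets = @($InstallDir, (Join-Path $InstallDir $DllName)) |
    Where-Object { Test-Path -LiteralPath $_ }
if (-not $targets) { Write-Warning "Nothing found under $InstallDir"; return }

$findings = foreach ($t in $targets) { Get-RiskyAce -Path $t }
if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output 'No write-capable ACEs for untrusted principals.' }
```

Any row returned is a principal whose access should be reduced to read and execute on that path.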

Weakness Enumeration

Uncontrolled Search Path Element

Related Identifiers

CVE-2024-10068

Affected Products

Flashfxp
Libcrypt++