PT-2024-20739 · Revoworks · Revoworks Browser+1
Published
2024-03-01
·
Updated
2024-08-05
·
CVE-2024-25091
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
RevoWorks SCVX versions prior to scvimage4.10.21 1013
RevoWorks Browser versions prior to 2.2.95
Description
A protection mechanism failure issue exists, potentially allowing malware to escape the sandboxed environment if data containing malware is saved in specific file formats, such as eml, dmg, vhd, iso, or msi, when using the 'VirusChecker' or 'ThreatChecker' feature.
Recommendations
For RevoWorks SCVX versions prior to scvimage4.10.21 1013, update to version scvimage4.10.21 1013 or later to resolve the issue.
For RevoWorks Browser versions prior to 2.2.95, update to version 2.2.95 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of the 'VirusChecker' or 'ThreatChecker' feature in affected versions until a patch is applied.
Fix
Protection Mechanism Failure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Revoworks Browser
Revoworks Scvx