PT-2024-26004 · Unknown · Kioware For Windows

Published: 2024-05-09 · Updated: 2025-02-12 · CVE-2024-3459

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

KioWare for Windows, all versions through 8.35

Description

The issue allows an attacker to escape the kiosk environment by downloading PDF files, which are then opened in an external PDF viewer. From the viewer, the attacker can launch a web browser, search through local files, and subsequently launch any program with user privileges. Additionally, it is possible to brute-force the PIN that protects the application from being closed, as there are no mechanisms preventing excessive guessing of the number.

Recommendations

For all versions through 8.35, consider disabling the feature that allows downloading PDF files and opening them in an external viewer until a patch is available. As a temporary workaround, restrict access to the PIN input field to prevent brute-force attempts. Avoid using the default PDF viewer to open downloaded files in the affected KioWare for Windows versions until the issue is resolved.

Related Identifiers

CVE-2024-3459

Affected Products

Kioware For Windows