CVE-2024-41865

Name of the Vulnerable Software and Affected Versions Dimension versions 3.4.11 and earlier

Description The issue is related to an Untrusted Search Path that could lead to arbitrary code execution. An attacker could exploit this by inserting a malicious file into the search path, which the application might execute instead of the legitimate file. This could occur if the application uses a search path to locate executables or libraries. Exploitation of this issue requires user interaction.

Recommendations For Dimension versions 3.4.11 and earlier, consider restricting the search path to only include trusted directories to minimize the risk of exploitation. As a temporary workaround, ensure that users are cautious when interacting with files and executables to reduce the likelihood of executing malicious code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.