PT-2024-29839 · Unknown · Edgecross Basic Software For Windows+1
Published
2024-12-19
·
Updated
2024-12-24
·
CVE-2024-4229
CVSS v3.1
7.8
High
| Vector | AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Edgecross Basic Software for Windows versions 1.00 and later
Edgecross Basic Software for Developers versions 1.00 and later
Description
The issue allows a malicious local attacker to execute arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
Recommendations
For Edgecross Basic Software for Windows versions 1.00 and later, consider installing the product in a folder that only users with administrative privilege have permission to modify to minimize the risk of exploitation.
For Edgecross Basic Software for Developers versions 1.00 and later, consider installing the product in a folder that only users with administrative privilege have permission to modify to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Incorrect Default Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Edgecross Basic Software For Developers
Edgecross Basic Software For Windows