PT-2024-33161 · Unknown+1 · Helakuru Desktop Application+1

Surajhacx

Published

2024-10-22

Updated

2024-10-30

CVE-2024-48605

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Helakuru Desktop Application version 1.1

Description The issue allows a local attacker to execute arbitrary code due to the lack of proper validation of the wow64log.dll file. This enables the attacker to potentially gain control over the system.

Recommendations For Helakuru Desktop Application version 1.1, consider updating to a newer version that includes proper validation of the wow64log.dll file to prevent arbitrary code execution. As a temporary workaround, restrict access to the wow64log.dll file to minimize the risk of exploitation.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-427

Related Identifiers

CVE-2024-48605

Affected Products

Helakuru Desktop Application

Wow64Log.Dll

PT-2024-33161 · Unknown+1 · Helakuru Desktop Application+1

CVE-2024-48605

Weakness Enumeration

Related Identifiers

Affected Products

References · 8