CVE-2024-1344

Name of the Vulnerable Software and Affected Versions LaborOfficeFree version 19.10

Description The issue affects the executable files LOF service.exe and LaborOfficeFree.exe, allowing an attacker to read and extract the username and password from the database. This can lead to unauthorized access to the application's database backup. The attacker can log in remotely with root-like privileges.

Recommendations For version 19.10, consider disabling the executable files LOF service.exe and LaborOfficeFree.exe until a patch is available to prevent exploitation. Restrict access to the directory '%programfiles(x86)%LaborOfficeFree' to minimize the risk of unauthorized access. Avoid using the default credentials for the database to reduce the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.