PT-2025-5990 · Tally · Tally Prime Edit Log
Manpreet Singh Kheberi
·
Published
2025-02-07
·
Updated
2025-02-07
·
CVE-2024-48091
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tally Prime Edit Log version 2.1
Description
A DLL hijacking issue was discovered in the TextShaping.dll component, allowing attackers to execute arbitrary code through a manipulated DLL. This issue enables the execution of arbitrary code via a crafted DLL.
Recommendations
For Tally Prime Edit Log version 2.1, consider disabling the use of the TextShaping.dll component until a patch is available to prevent exploitation of the DLL hijacking vulnerability.
Fix
Uncontrolled Search Path Element
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tally Prime Edit Log