Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server

Posted date 09/11/2023
Importance
3 - Medium
Affected Resources
  • 4D.exe and 4D Server.exe executables, in their 19 R8 100218 version, are affected by this vulnerability.
Description

INCIBE has coordinated the publication of one vulnerability that affects the 4D and 4D Server Windows executables, which was discovered by Alexander Huaman Jaimes (@zanganox).

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-4770: CVSS v3.1: 6.5 | CVSS: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CWE-427.
Solution

There is no solution reported at the moment.

Detail
  • CVE-2023-4770: an uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability allows DLL hijacking: replacing the x64 shfolder.dll in the installation path results in arbitrary code execution.
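
With no fix reported, a defender can audit the installation directory for the condition described above. The PowerShell below is an added example, not part of the advisory or of 4D's tooling: it reports the signature state of every shfolder.dll under the install tree and lists principals outside an assumed trusted set that can write there. The install path is a placeholder to set, and the trusted-SID list is an assumption.

```powershell
# Added example. $InstallDir is a placeholder; set it to the real 4D / 4D Server folder.
param([string]$InstallDir = 'C:\Program Files\4D\<install-folder>')

# Assumption: only these well-known SIDs should hold write access
# (SYSTEM, BUILTIN\Administrators, NT SERVICE\TrustedInstaller).
$trusted = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)
$write    = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$inherit  = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Return Allow rules that let a principal outside $trusted write to $Path.
function Get-UntrustedWriter([string]$Path) {
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.FileSystemRights -band $write) -ne 0) -and
            (($_.PropagationFlags -band $inherit) -eq 0) -and
            $_.IdentityReference.Value -notin $trusted
        } |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $Path
                Sid    = $_.IdentityReference.Value
                Rights = $_.FileSystemRights
            }
        }
}

# 1. Every shfolder.dll in the install tree: signature, hash and last write time,
#    for comparison against a known-good baseline of the same build.
$dlls = Get-ChildItem -LiteralPath $InstallDir -Filter 'shfolder.dll' -Recurse -File -ErrorAction SilentlyContinue
$dlls | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Path      = $_.FullName
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        LastWrite = $_.LastWriteTimeUtc
    }
} | Format-List

# 2. Who besides the trusted SIDs can create or overwrite files there.
@($InstallDir) + @($dlls.FullName) | Where-Object { $_ } |
    ForEach-Object { Get-UntrustedWriter $_ } | Format-Table -AutoSize
```

An empty result from step 2 means only the assumed trusted principals can write to the directory and the DLL; any row it prints is a write path that should be removed or justified.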