CVE-2023-4770

Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server

CVSS 6.5 MEDIUMEPSS 0.3%CWE-427

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

30 Nov 2023Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Affected products

4D · 4D.exe 4D · 4D Server.exe

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server