CVE-2024-7886

Scooter Software Beyond Compare 7zxa.dll uncontrolled search path

CVSS 8.5 HIGHEPSS 0.2%CWE-426 CWE-427

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Aug 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected products

Scooter Software · Beyond Compare

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://vuldb.com/?ctiid.274873 https://vuldb.com/?id.274873 https://vuldb.com/?submit.383468