CVE-2024-7326

IObit DualSafe Password Manager BPL RTL120.BPL uncontrolled search path

CVSS 8.5 HIGHEPSS 0.3%CWE-427

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 8.5EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

31 jul 2024Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Productos afectados

IObit · DualSafe Password Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://lab52.io/blog/dll-side-loading-through-iobit-against-colombia/https://vuldb.com/?ctiid.273249 https://vuldb.com/?id.273249 https://vuldb.com/?submit.378150