CVE-2024-7886

Scooter Software Beyond Compare 7zxa.dll uncontrolled search path

CVSS 8.5 HIGHEPSS 0.2%CWE-426 CWE-427

Vexday Risk Score

21Baixo

Decisão SSVC (CISA)

Track

Sem sinal de exploração → monitorar

CVSS 8.5EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 ago 2024Publicada no NVD

Recomendação: Monitorar — sem sinal de exploração no momento.

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Produtos afetados

Scooter Software · Beyond Compare

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://vuldb.com/?ctiid.274873 https://vuldb.com/?id.274873 https://vuldb.com/?submit.383468