CVE-2024-3459

{"id": "CVE-2024-3459", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cvd@cert.pl", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.5}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-05-14T15:41:12.060", "references": [{"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link"], "source": "cvd@cert.pl"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "cvd@cert.pl"}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.kioware.com/", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cvd@cert.pl", "description": [{"lang": "en", "value": "CWE-424"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.\n\n"}, {"lang": "es", "value": "KioWare para Windows (versiones hasta 8.34) permite escapar del entorno descargando archivos PDF, que luego se abren de forma predeterminada en un visor de PDF externo. Al utilizar las funciones integradas de ese visor, es posible iniciar un navegador web, buscar en archivos locales y, posteriormente, iniciar cualquier programa con privilegios de usuario."}], "lastModified": "2025-02-12T01:48:00.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "08120DB6-BEF8-4C1E-B969-3F661CB25C70", "versionEndIncluding": "8.34"}], "operator": "OR"}]}], "sourceIdentifier": "cvd@cert.pl"}