Also make sure, that Edge or IE have not been set to the default browser. A different browser, such as Chrome or Firefox, needs to be used. Note: This attack does not work using a recent version of the Edge Browser or Internet Explorer. This allows a local attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. The configuration of the PDF24 Creator MSI installer file was found to produce a visible cmd.exe window running as the SYSTEM user when using the repair function of msiexec.exe. Vulnerability overview/description 1) Local Privilege Escalation via MSI installer (CVE-2023-49147) SEC Consult highly recommends to perform a thorough security review of the product conducted by security professionals to identify and resolve potential further security issues. The vendor provides a patch which should be installed immediately. Solutions include the well-known PDF24 Creator and PDF24 Online Tools." PDF24 offers free and easy to use PDF solutions for many PDF problems, online and as software for download. " is a project of geek software GmbH, a German company based in Berlin, that was founded in 2006.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |