7.8
CVE-2020-9418
- EPSS 0.43%
- Veröffentlicht 05.03.2020 16:15:12
- Zuletzt bearbeitet 21.11.2024 05:40:36
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginAn untrusted search path vulnerability in the installer of PDFescape Desktop version 4.0.22 and earlier allows an attacker to gain privileges and execute code via DLL hijacking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redsoftware ≫ Pdfescape Version <= 4.0.22
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.43% | 0.343 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.4 | 3.4 | 6.4 |
AV:L/AC:M/Au:N/C:P/I:P/A:P
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
https://support.pdfescape.com/hc/en-us/articles/360039586551