5.3
CVE-2023-7270
- EPSS 0.32%
- Veröffentlicht 27.06.2024 10:15:10
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle 551230f0-3615-47bd-b7cc-93e92e
- CVE-Watchlists
- Unerledigt
Local Privilege Escalation via MSI installer
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellersoftmaker
≫
Produkt
softmaker_office
Default Statusunknown
Version
2024
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.32% | 0.238 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 1.8 | 3.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
http://seclists.org/fulldisclosure/2024/Jul/5
https://r.sec-consult.com/softmaker
https://softmaker.de/download/servicepacks
https://www.freeoffice.com/de/download/servicepacks