CVE-2023-4770: Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server

An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability allows DLL hijacking: replacing the x64 shfolder.dll in the installation path results in arbitrary code execution.

Affected Resources

  • 4D.exe and 4D Server.exe executables, in their 19 R8 100218 version, are affected by this vulnerability.

Description

INCIBE has coordinated the publication of one vulnerability that affects the 4D and 4D Server Windows executables, which was discovered by Alexander Huaman Jaimes (@zanganox).

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-4770: CVSS v3.1: 6.5 | CVSS: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CWE-427.

Solution

There is no solution reported at the moment.

Detail

  • CVE-2023-4770: an uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability allows DLL hijacking: replacing the x64 shfolder.dll in the installation path results in arbitrary code execution.
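
With no fix reported, administrators can audit an installation for the condition described above. The following PowerShell script is an added example, not part of the advisory or of 4D's tooling: it lists who can write to the installation directory and inspects every shfolder.dll found under it. The installation path is a placeholder, and the list of trusted SIDs is an assumption to adjust per environment.

```powershell
# Added example: defensive audit for the CVE-2023-4770 condition (not vendor code).
param(
    # Assumption: placeholder path; the advisory does not state the installation path.
    [string]$InstallPath = 'C:\Path\To\4D'
)

# Assumption: principals expected to hold write access to a program directory.
$trustedSids = @(
    'S-1-5-18',      # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464',  # TrustedInstaller
    'S-1-3-0'        # CREATOR OWNER (applies to whoever created the file)
)

# Rights that allow planting or replacing a file, plus GENERIC_WRITE | GENERIC_ALL.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = [int]$writeRights -bor 0x50000000

function Get-UntrustedWriteAce {
    param([string]$Path)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $writeMask) -ne 0 -and
            $trustedSids -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{ Path = $Path; Sid = $_.IdentityReference.Value; Rights = $_.FileSystemRights }
        }
}

# 1. Write access to the installation directory held by anyone outside the trusted list.
Get-UntrustedWriteAce -Path $InstallPath | Format-Table -AutoSize

# 2. Signature, hash and timestamp of every shfolder.dll under the installation path.
$dlls = Get-ChildItem -LiteralPath $InstallPath -Filter 'shfolder.dll' -Recurse -File -ErrorAction SilentlyContinue
$dlls | ForEach-Object {
    $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
    [pscustomobject]@{
        Path      = $_.FullName
        SigStatus = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        Modified  = $_.LastWriteTimeUtc
    }
} | Format-List

# 3. Write access to those DLL files themselves.
$dlls | ForEach-Object { Get-UntrustedWriteAce -Path $_.FullName } | Format-Table -AutoSize
```

Any row from steps 1 or 3, or a shfolder.dll whose signature status is not Valid or whose hash changed since installation, is the condition to review.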
