Security Advisory

CVE-2023-49147

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-19 00:00:00

Last updated 2024-08-02 21:46:29

Assigner mitre

State PUBLISHED

Description

An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions (e.g., an oplock on faxPrnInst.log) to open a SYSTEM cmd.exe.

← Browse all CVEs View on cve.org ↗