Security Advisory

CVE-2024-40721

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-08-02 10:14:39
Last updated 2024-08-02 13:47:51
Assigner twcert
State PUBLISHED

Description

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path.