CVE-2023-4770

Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server

CVSS 6.5 MEDIUMEPSS 0.3%CWE-427

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Productos afectados

4D · 4D.exe 4D · 4D Server.exe

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server