Lucene search

[email protected]NVD:CVE-2023-25428

HistoryMay 12, 2023 - 4:15 p.m.

CVE-2023-25428

2023-05-1216:15:09

CWE-427

[email protected]

web.nvd.nist.gov

dll hijacking

soft-o

password manager

code execution

arbitrary dlls

cve-2023-25428

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.4%

JSON

A DLL Hijacking issue discovered in Soft-o Free Password Manager 1.1.20 allows attackers to create arbitrary DLLs leading to code execution.

Affected configurations

Nvd

Node

soft-ofree_password_managerMatch1.1.20

VendorProductVersionCPE
soft-ofree_password_manager1.1.20cpe:2.3:a:soft-o:free_password_manager:1.1.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
soft-o	free_password_manager	1.1.20	cpe:2.3:a:soft-o:free_password_manager:1.1.20:::::::*

References

packetstormsecurity.com/files/172259/Soft-o-Free-Password-Manager-1.1.20-DLL-Hijacking.html

www.soft-o.com/products/free-password-manager.html

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

21.4%

JSON

Related for NVD:CVE-2023-25428

cvelist1 cve1 packetstorm1 prion1