4 matches found
CVE-2023-49147
An issue was discovered in PDF24 Creator 11.14.0. The configuration of the msi installer file was found to produce a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions e.g., an oplock on faxPrnInst.log to open...
CVE-2023-49147
creationtimestamp| type| source ---|---|--- 2023-12-20 13:53:25+00:00| seen| https://t.me/ctinow/156990 2024-01-02 18:16:23+00:00| seen| https://t.me/ctinow/161935 2024-01-07 02:32:16+00:00| seen| https://t.me/ctinow/164042 2024-10-24 09:07:24+00:00| seen| MISP/22a082e7-37ab-405b-8c3a-9893aa2c84c...
CVE-2023-49147
PDF24 Creator 11.14.0 contains a misconfigured MSI installer that shows a visible cmd.exe during the msiexec repair function, enabling a local unprivileged attacker to escalate to SYSTEM via actions like an oplock on faxPrnInst.log. The issue is publicly discussed by Red Hat and PT-Security, with...
PDF24 Creator 11.15.1 Local Privilege Escalation
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation via MSI installer product: PDF24 Creator geek Software GmbH vulnerable version: =11.15.1 fixed version: 11.15.2 CVE number: CVE-2023-49147...