CVE-2023-49147
PDF24 Creator 11.14.0 contains a misconfigured MSI installer that shows a visible cmd.exe during the msiexec repair function, enabling a local unprivileged attacker to escalate to SYSTEM via actions like an oplock on faxPrnInst.log. The issue is publicly discussed by Red Hat and PT-Security, with...