An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.
References
Link | Resource |
---|---|
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: INCIBE
Published: 2023-11-30T13:32:43.408Z
Updated: 2023-11-30T13:32:43.408Z
Reserved: 2023-09-05T11:46:36.852Z
Link: CVE-2023-4770
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-11-30T14:15:11.880
Modified: 2023-12-06T17:31:06.707
Link: CVE-2023-4770
JSON object: View
Redhat Information
No data.
CWE