AesirSec

1 exploit Active since Mar 2023

CVE-2022-44875 NOMISEC MEDIUM WRITEUP

KioWare < 8.33 - Remote Code Execution via KioUtils.Execute

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin, which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

CVSS 5.4

View Code