Bitk - Security Researcher - Exploit Intelligence Platform

CVE-2023-34642 WRITEUP HIGH WRITEUP

KioWare for Windows <= 8.33 - Unauthenticated OS Command Injection via showDirectoryPicker Function

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.

CVSS 7.8

View Code

CVE-2023-34641 WRITEUP HIGH WRITEUP

KioWare for Windows <8.33 - Info Disclosure

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.

CVSS 7.8

View Code

CVE-2023-34642 WRITEUP HIGH WRITEUP

KioWare for Windows <= 8.33 - Unauthenticated OS Command Injection via showDirectoryPicker Function

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.

CVSS 7.8

View Code