CVE-2023-34641

HIGH

KioWare for Windows <8.33 - Info Disclosure

Title source: llm

Description

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.

Exploits (1)

github WRITEUP 3 stars

by huntergregal · poc

https://github.com/huntergregal/CVE/tree/main/CVE-2023-34641

View Code ZIP pw:eip

References (3)

[Various Sources] https://github.com/huntergregal/CVE/tree/main/CVE-2023-34641

[Broken Link] https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-001

View Writeup ZIP pw:eip

[Release Notes] https://www.kioware.com/versionhistory.aspx?pid=15

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 16.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

Status published

Products (1)

kioware/kioware < 8.33

Published Jun 19, 2023

Tracked Since Feb 18, 2026