CVE-2023-34641

HIGH

KioWare for Windows <8.33 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-34641. PoCs published by huntergregal.

AI-analyzed exploit summary The repository provides a detailed technical description of CVE-2023-34641, a sandbox escape vulnerability in KioWare for Windows through version 8.33. The vulnerability arises from an incomplete blacklist filter for blocked dialog boxes, allowing JavaScript functions like 'window.print()' to open file dialogs and execute unprivileged commands.

Description

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.

Exploits (1)

github WRITEUP 3 stars
by huntergregal · poc
https://github.com/huntergregal/CVE/tree/main/CVE-2023-34641

The repository provides a detailed technical description of CVE-2023-34641, a sandbox escape vulnerability in KioWare for Windows through version 8.33. The vulnerability arises from an incomplete blacklist filter for blocked dialog boxes, allowing JavaScript functions like 'window.print()' to open file dialogs and execute unprivileged commands.

Classification
Writeup 90%
Attack Type
Other
Complexity
Moderate
Reliability
Reliable
Target: KioWare for Windows through version 8.33
No auth needed
Prerequisites: JavaScript execution enabled in KioWare browser · Configuration allows 'Javascript Printing'
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.8
EPSS 0.0023
EPSS Percentile 14.0%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

Status published
Products (1)
kioware/kioware < 8.33
Published Jun 19, 2023
Tracked Since Feb 18, 2026