CVE-2024-28131

HIGH

EasyRange Ver 1.41 - Code Injection

Title source: llm

Description

EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41.

References (1)

[Third Party Advisory] https://jvn.jp/en/jp/JVN13113728/index.html

Scores

CVSS v3 7.8

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-427

Status draft

Timeline

Published Mar 26, 2024

Tracked Since Feb 18, 2026