CVE-2024-7326
HIGHIObit DualSafe Password Manager 1.4.0.3 - Uncontrolled Search Path Element in BPL Handler
Title source: llmDescription
A vulnerability classified as critical has been found in IObit DualSafe Password Manager 1.4.0.3. This affects an unknown part in the library RTL120.BPL of the component BPL Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The identifier VDB-273249 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
References (4)
Core 4
Core References
Permissions Required, Third Party Advisory vdb-entry
https://vuldb.com/?id.273249
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.273249
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.378150
Exploit, Third Party Advisory related
https://lab52.io/blog/dll-side-loading-through-iobit-against-colombia/
Scores
CVSS v3
7.8
EPSS
0.0033
EPSS Percentile
24.2%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-427
Status
published
Products (1)
itopvpn/dualsafe_password_manager
1.4.0.3
Published
Jul 31, 2024
Tracked Since
Feb 18, 2026