CVE-2023-4770

CVSS V2 None CVSS V3 None

Description

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.

Overview

CVE ID
CVE-2023-4770

Assigner
INCIBE

Vulnerability Status
PUBLISHED

Published Version
2023-11-30T13:32:43.408Z

Last Modified Date
2023-11-30T13:32:43.408Z

Weakness Enumerations

CWE	URL
CWE-427	http://cwe.mitre.org/data/definitions/427.html

References

Reference URL	Reference Tags
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-4770
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4770

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 19:08:06				Added to TrackCVE