CVE-2023-48387

CVSS V2 None CVSS V3 None
Description
TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. In the scenario where a user is using the JCICSecurityTool and has completed identity verification, if the user browses a malicious webpage created by an attacker, the attacker can exploit this vulnerability to read or modify any registry file under HKEY_CURRENT_USER, thereby achieving remote code execution.
Overview
  • CVE ID
  • CVE-2023-48387
  • Assigner
  • twcert
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2023-12-15T08:40:34.306Z
  • Last Modified Date
  • 2024-01-31T02:12:57.800Z
References
History
Created Old Value New Value Data Type Notes
2024-06-25 00:11:48 Added to TrackCVE