What the vulnerability does

01Description

A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in the %PATH% are writeable by normal users. As these folders are included in the search for dlls, an attacker could place dlls there with code executed by SYSTEM.

Key dates

02Disclosure timeline

February 9, 2021 CVE published
August 4, 2024 Record updated