CVE-2023-4770 MEDIUM

CVE-2023-4770: Uncontrolled Search Path Element Vulnerability in 4D and 4D Windows Server

Vendor 4D
Product 4D.exe
Weakness CWE-427
Published November 30, 2023
Last update August 2, 2024

CVSS base score

6.5/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

An uncontrolled search path element vulnerability has been found in the 4D and 4D Server Windows executables, affecting version 19 R8 100218. The vulnerability is a DLL hijacking: replacing the x64 shfolder.dll in the installation path causes arbitrary code execution.

Key dates

02 Disclosure timeline

November 30, 2023 CVE published
August 2, 2024 Record updated