CVE-2024-7886 HIGH

CVE-2024-7886: Scooter Software Beyond Compare 7zxa.dll uncontrolled search path

Vendor Scooter Software
Product Beyond Compare
Weakness CWE-427
Published August 16, 2024
Last update January 10, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability has been found in Scooter Software Beyond Compare up to 3.3.5.15075 and classified as critical. Affected by this vulnerability is an unknown functionality in the library 7zxa.dll. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The real existence of this vulnerability is still doubted at the moment. The vendor explains that a system must be breached before exploiting this issue. They are not planning on making any changes to address it.

Key dates

02Disclosure timeline

August 16, 2024 CVE published
January 10, 2025 Record updated