CVE-2024-3459 - Vulnerability Details - OpenCVE

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kioware	Kioware

Configuration 1 [-]

cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*

No data.

References

Link	Providers
https://cert.pl/en/posts/2024/04/CVE-2024-3459
https://cert.pl/posts/2024/04/CVE-2024-3459
https://www.kioware.com/

History

Wed, 12 Feb 2025 02:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Kioware Kioware kioware
Weaknesses		NVD-CWE-Other
CPEs		cpe:2.3:a:kioware:kioware::::::windows::*
Vendors & Products		Kioware Kioware kioware

MITRE

Status: PUBLISHED

Assigner: CERT-PL

Published: 2024-05-09T10:13:03.813Z

Updated: 2024-08-01T20:12:07.655Z

Reserved: 2024-04-08T10:30:34.586Z

Link: CVE-2024-3459

Vulnrichment

Updated: 2024-08-01T20:12:07.655Z

NVD

Status : Analyzed

Published: 2024-05-14T15:41:12.060

Modified: 2025-02-12T01:48:00.043

Link: CVE-2024-3459

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3459", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "state": "PUBLISHED", "assignerShortName": "CERT-PL", "dateReserved": "2024-04-08T10:30:34.586Z", "datePublished": "2024-05-09T10:13:03.813Z", "dateUpdated": "2024-08-01T20:12:07.655Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["Windows"], "product": "Kioware", "vendor": "Kioware", "versions": [{"lessThanOrEqual": "8.34", "status": "affected", "version": "0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Maksymilian Kubiak [Afine Team]"}], "datePublic": "2024-05-09T10:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">KioWare for Windows (versions all <span style=\"background-color: rgb(255, 255, 255);\">through 8.34) </span>allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.</span><br><p><br></p>"}], "value": "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-05-09T10:13:03.813Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"tags": ["third-party-advisory"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"tags": ["product"], "url": "https://www.kioware.com/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "kioware", "product": "kioware", "cpes": ["cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "8.34", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-12T19:18:41.427236Z", "id": "CVE-2024-3459", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:19:41.280Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.655Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"tags": ["third-party-advisory", "x_transferred"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"tags": ["product", "x_transferred"], "url": "https://www.kioware.com/"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory", "x_transferred"]}, {"url": "https://www.kioware.com/", "tags": ["product", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:12:07.655Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3459", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-12T19:18:41.427236Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*"], "vendor": "kioware", "product": "kioware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.34"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-12T19:19:30.510Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Maksymilian Kubiak [Afine Team]"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Kioware", "product": "Kioware", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "8.34"}], "platforms": ["Windows"], "defaultStatus": "unaffected"}], "datePublic": "2024-05-09T10:00:00.000Z", "references": [{"url": "https://cert.pl/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory"]}, {"url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459", "tags": ["third-party-advisory"]}, {"url": "https://www.kioware.com/", "tags": ["product"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.\n\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">KioWare for Windows (versions all <span style=\"background-color: rgb(255, 255, 255);\">through 8.34) </span>allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.</span><br><p><br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-424", "description": "CWE-424 Improper Protection of Alternate Path"}]}], "providerMetadata": {"orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "shortName": "CERT-PL", "dateUpdated": "2024-05-09T10:13:03.813Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3459", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:12:07.655Z", "dateReserved": "2024-04-08T10:30:34.586Z", "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6", "datePublished": "2024-05-09T10:13:03.813Z", "assignerShortName": "CERT-PL"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kioware:kioware:*:*:*:*:*:windows:*:*", "matchCriteriaId": "08120DB6-BEF8-4C1E-B969-3F661CB25C70", "versionEndIncluding": "8.34", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "KioWare for Windows (versions all\u00a0through 8.34)\u00a0allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.\n\n"}, {"lang": "es", "value": "KioWare para Windows (versiones hasta 8.34) permite escapar del entorno descargando archivos PDF, que luego se abren de forma predeterminada en un visor de PDF externo. Al utilizar las funciones integradas de ese visor, es posible iniciar un navegador web, buscar en archivos locales y, posteriormente, iniciar cualquier programa con privilegios de usuario."}], "id": "CVE-2024-3459", "lastModified": "2025-02-12T01:48:00.043", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "cvd@cert.pl", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T15:41:12.060", "references": [{"source": "cvd@cert.pl", "tags": ["Broken Link"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"source": "cvd@cert.pl", "tags": ["Broken Link"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"source": "cvd@cert.pl", "tags": ["Product"], "url": "https://www.kioware.com/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://cert.pl/en/posts/2024/04/CVE-2024-3459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://cert.pl/posts/2024/04/CVE-2024-3459"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://www.kioware.com/"}], "sourceIdentifier": "cvd@cert.pl", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-424"}], "source": "cvd@cert.pl", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}