cve/2024/CVE-2024-4229.md

### [CVE-2024-4229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4229)
![](https://img.shields.io/static/v1?label=Product&message=Edgecross%20Basic%20Software%20for%20Developers&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Edgecross%20Basic%20Software%20for%20Windows&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=versions%201.00%20and%20later%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brightgreen)

### Description

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores
Update CVE list 2025-09-29 21:09 2025-09-29 21:09:30 +02:00			`### [CVE-2024-4229](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4229)`
			`![](https://img.shields.io/static/v1?label=Product&message=Edgecross%20Basic%20Software%20for%20Developers&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Edgecross%20Basic%20Software%20for%20Windows&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=versions%201.00%20and%20later%20&color=brightgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-276%20Incorrect%20Default%20Permissions&color=brightgreen)`

			`### Description`

			`Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/ARPSyndicate/cve-scores`