mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-05 10:17:57 +00:00
1.1 KiB
1.1 KiB
CVE-2023-7270
Description
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed.The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user.
POC
Reference
Github
No PoCs found on GitHub currently.