Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
History

Thu, 19 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Dec 2024 07:30:00 +0000

Type Values Removed Values Added
Description Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
Weaknesses CWE-276
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Mitsubishi

Published: 2024-12-19T07:20:54.952Z

Updated: 2024-12-19T16:38:12.287Z

Reserved: 2024-04-26T08:56:44.357Z

Link: CVE-2024-4229

cve-icon Vulnrichment

Updated: 2024-12-19T16:27:52.663Z

cve-icon NVD

Status : Received

Published: 2024-12-19T08:17:30.230

Modified: 2024-12-19T08:17:30.230

Link: CVE-2024-4229

cve-icon Redhat

No data.