SB2024112146 - Multiple vulnerabilities in Edgecross Basic Software for Windows

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Incorrect default permissions (CVE-ID: CVE-2024-4229)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to incorrect default permissions. A local user can execute arbitrary code on the target system.

2) External Control of File Name or Path (CVE-ID: CVE-2024-4230)

The vulnerability allows a local user to execute arbitrary code on the system.

The vulnerability exists due to application allows an attacker to control path of the files. A local user can execute arbitrary code on the target system.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

• https://jvn.jp/en/vu/JVNVU92857077/index.html
• https://www.edgecross.org/client_info/EDGECROSS/view/userweb/ext/en/data-download/pdf/ECD-TE10-0003-01-EN.pdf