Incomplete Blacklist Filter in KioWare for Windows Allows Unprivileged Command Prompt Access

Incomplete Blacklist Filter in KioWare for Windows Allows Unprivileged Command Prompt Access

CVE-2023-34641 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.

Learn more about our Web Application Penetration Testing UK.