Incomplete Blacklist Filter in KioWare for Windows Allows Unauthorized Access via File Dialog Box

Incomplete Blacklist Filter in KioWare for Windows Allows Unauthorized Access via File Dialog Box

CVE-2023-34642 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.

Learn more about our Web Application Penetration Testing UK.