Vulnerabilities > CVE-2023-4770 - Unspecified vulnerability in 4D and Server

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

NVD

Published: 2023-11-30

Updated: 2024-11-21

Summary

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. This vulnerability consists in a DLL hijacking by replacing x64 shfolder.dll in the installation path, causing an arbitrary code execution.

Vulnerable Configurations

Part	Description	Count
Application	4D 4D 4D 19 4D Server 19	2
OS	Microsoft Microsoft Windows -	1

References

https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server
https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-search-path-element-vulnerability-4d-and-4d-windows-server