Vulnerabilities > CVE-2024-24122 - Unspecified vulnerability in Wondershare Edraw 3.2.2

CVSS 3.3 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

local

low complexity

wondershare

NVD

Published: 2024-10-02

Updated: 2024-11-13

Summary

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restart the system, and automatically execute the constructed attack script.

Vulnerable Configurations

Part	Description	Count
Application	Wondershare Wondershare Edraw 3.2.2	1

References

https://github.com/zty007666/Shenzhen-Yitu-Software-Yitu-Project-Management-Software/tree/0215da8db607824bc9523ce7532f8fc53ba1b40a/Remote%20Code%20Execution%20Vulnerability_02
https://gist.github.com/zty-1995/effed155177edd7b22fdf2c082e32984