Description

An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user.

INFO

Published Date :

2024-06-27T09:28:21.528Z

Last Modified :

2025-02-13T17:27:05.773Z

Source :

SEC-VLab
AFFECTED PRODUCTS

The following products are affected by CVE-2023-7270 vulnerability.

Vendors Products
Softmaker
  • Softmaker Office
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-7270.

URL Resource
http://seclists.org/fulldisclosure/2024/Jul/5 cve-icon cve-icon
https://r.sec-consult.com/softmaker cve-icon cve-icon
https://softmaker.de/download/servicepacks cve-icon cve-icon
https://www.freeoffice.com/de/download/servicepacks cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact