CVE-2022-44875 Information

Description

KioWare through 8.33 on Windows sets KioScriptingUrlACL.AclActions.AllowHigh for the about:blank origin which allows attackers to obtain SYSTEM access via KioUtils.Execute in JavaScript code.

Reference

https://github.com/olnor18/writeup/tree/master/CVE/CVE-2022-44875 https://www.kioware.com/versionhistory.aspx?pid=15