CVE-2023-31468 Information

Description

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The %PROGRAMFILES(X86)%\INOSOFT GmbH\ folder has weak permissions for Everyone allowing an attacker to insert a Trojan horse file that runs as SYSTEM.

Reference

http://packetstormsecurity.com/files/174268/Inosoft-VisiWin-7-2022-2.1-Insecure-Permissions-Privilege-Escalation.html https://www.exploit-db.com/exploits/51682