CVE-2023-34642 Information

Description

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.

Reference

https://www.kioware.com/versionhistory.aspx?pid=15 https://github.com/huntergregal/CVE/tree/main/TBD-KIOWARE-002