VYPR

Reflect

by Prowise

CVEs (4)

  • CVE-2024-55511HigJan 16, 2025
    risk 0.51cvss 7.8epss 0.00

    A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows a local attacker to cause a system crash or potentially elevate their privileges via executing a specially crafted executable.

  • CVE-2022-50925Jan 13, 2026
    risk 0.00cvss epss 0.00

    Prowise Reflect version 1.0.9 contains a remote keystroke injection vulnerability that allows attackers to send keyboard events through an exposed WebSocket on port 8082. Attackers can craft malicious web pages to inject keystrokes, opening applications and typing arbitrary text…

  • CVE-2023-43896Oct 10, 2023
    risk 0.00cvss epss 0.00

    A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

  • CVE-2020-10143Dec 9, 2020
    risk 0.00cvss epss 0.01

    Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can…