VYPR

KioWare for Windows

by KioWare

CVEs (5)

  • CVE-2024-3459HigMay 14, 2024
    risk 0.55cvss 8.4epss 0.00

    KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files…

  • CVE-2023-34642HigJun 19, 2023
    risk 0.51cvss 7.8epss 0.00

    KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged…

  • CVE-2023-34641HigJun 19, 2023
    risk 0.51cvss 7.8epss 0.00

    KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command…

  • CVE-2024-3460HigMay 14, 2024
    risk 0.48cvss 7.4epss 0.00

    In KioWare for Windows (versions all through 8.34) it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may…

  • CVE-2024-3461MedMay 14, 2024
    risk 0.40cvss 6.2epss 0.00

    KioWare for Windows (versions all through 8.35) allows to brute force the PIN number, which protects the application from being closed, as there are no mechanisms preventing a user from excessively guessing the number.