CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2023-7270 – Local Privilege Escalation via MSI installer
https://notcve.org/view.php?id=CVE-2023-7270
27 Jun 2024 — An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running as the SYSTEM user when using the repair function of msiexec.exe. This allows a local, low-privileged attacker to use a chain of actions, to open a fully functional cmd.exe with the privileges of the SYSTEM user. Se ... • https://packetstorm.news/files/id/179360 • CWE-266: Incorrect Privilege Assignment •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13545
https://notcve.org/view.php?id=CVE-2020-13545
06 Jan 2021 — An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. Una vulnerabilidad de conversión firmada e... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1162 • CWE-196: Unsigned to Signed Conversion Error CWE-681: Incorrect Conversion between Numeric Types CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13544
https://notcve.org/view.php?id=CVE-2020-13544
06 Jan 2021 — An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. Una vulnerabilidad de extensión de fir... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1161 • CWE-194: Unexpected Sign Extension CWE-681: Incorrect Conversion between Numeric Types •