Description

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

Related CPE's

a

jscom

revoworks_browser

Vulnerable

a

jscom

revoworks_desktop

Vulnerable

a

jscom

revoworks_scvx

Vulnerable

References

https://jscom.jp/news-20220527/

Vendor Advisory

https://jvn.jp/en/jp/JVN27256219/index.html

Third Party Advisory

Weaknesses

[email protected]

Primary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2022-06-14T09:15:09.433

3 years ago

Last modified

2022-06-27T17:09:47.783

3 years ago