Vulnerability-Lookup - Search a vulnerability

All the vulnerabilites related to WORKS MOBILE Japan Corp. - Drive Explorer for macOS

cve-2023-25953

Vulnerability from cvelistv5

Published

2023-05-23 00:00

Modified

2024-08-02 11:39

Severity ?

Summary

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.

References

▼	URL	Tags
	https://line.worksmobile.com/jp/release-notes/20230216/
	https://jvn.jp/en/jp/JVN01937209/

Impacted products

▼	Vendor	Product
	WORKS MOBILE Japan Corp.	Drive Explorer for macOS

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:39:06.539Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN01937209/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Drive Explorer for macOS",
          "vendor": "WORKS MOBILE Japan Corp.",
          "versions": [
            {
              "status": "affected",
              "version": "versions 3.5.4 and earlier"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-23T00:00:00",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "url": "https://line.worksmobile.com/jp/release-notes/20230216/"
        },
        {
          "url": "https://jvn.jp/en/jp/JVN01937209/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2023-25953",
    "datePublished": "2023-05-23T00:00:00",
    "dateReserved": "2023-03-15T00:00:00",
    "dateUpdated": "2024-08-02T11:39:06.539Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}