CVE-2023-5964

Summary

The 1E Exchange End-User Interaction product pack contains a vulnerability in its 'DisplayMessage' instruction. Improper validation of 'Caption' and 'Message' parameters allows for arbitrary code execution with SYSTEM privileges. A workaround involves deleting the vulnerable instruction and replacing it with the 'ShowNotification' instruction from an updated product pack.

IFF Assessment

FOE

This vulnerability allows arbitrary code execution with SYSTEM privileges, making it a significant threat to affected systems.

Severity

9.9 Critical

Defender Context

This vulnerability allows attackers to execute arbitrary code with high privileges on affected systems. Defenders should prioritize patching or applying the recommended workaround to mitigate the risk of SYSTEM-level compromise. The flaw highlights the importance of input validation in software components, especially those with administrative capabilities.
