What is CVE-2024-3459?

CVE-2024-3459 is a high-severity vulnerability in Kioware, classified under CWE-424. CVSS score: 8.4/10. Published 2024-05-09.

How severe is CVE-2024-3459?

High severity. CVSS v3 base score is 8.4 out of 10.

Is CVE-2024-3459 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Kioware

CVE-2024-3459

KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a we…

EPSS: 0.001 (24.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.4 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Kioware — versions 0

Weakness classification (CWE)

CWE-424

Public proof-of-concept exploits

References

cert.pl/posts/2024/04/CVE-2024-3459 (third-party-advisory)
cert.pl/en/posts/2024/04/CVE-2024-3459 (third-party-advisory)
www.kioware.com/ (product)

Frequently asked questions

What is CVE-2024-3459?: CVE-2024-3459 is a high-severity vulnerability in Kioware, classified under CWE-424. CVSS score: 8.4/10. Published 2024-05-09.
How severe is CVE-2024-3459?: High severity. CVSS v3 base score is 8.4 out of 10.
Is CVE-2024-3459 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.