{"uuid": "3eb61a28-603a-4bbf-a300-f6e30056abda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5964", "type": "seen", "source": "https://t.me/cibsecurity/73616", "content": "\u203c CVE-2023-5964 \u203c\n\nThe 1E-Exchange-DisplayMessage instruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction \u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction 1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as \u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T16:25:51.000000Z"}