{"vulnerability": "cve-2023-5964", "sightings": [{"uuid": "fe2a42f2-a55c-4823-8a5e-f3a5f9bd67ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5964", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/16961", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-5964\n\ud83d\udd25 CVSS Score: 9.9 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)\n\ud83d\udd39 Description: The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This instruction only runs on Windows clients.\n\nTo remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above.\n\ud83d\udccf Published: 2023-11-06T12:27:12.281Z\n\ud83d\udccf Modified: 2025-05-20T08:19:15.885Z\n\ud83d\udd17 References:\n1. https://exchange.1e.com/product-packs/end-user-interaction/\n2. https://www.teamviewer.com/en/resources/trust-center/security-bulletins/1e-2023-2006/", "creation_timestamp": "2025-05-20T08:40:02.000000Z"}, {"uuid": "3eb61a28-603a-4bbf-a300-f6e30056abda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2023-5964", "type": "seen", "source": "https://t.me/cibsecurity/73616", "content": "\u203c CVE-2023-5964 \u203c\n\nThe 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. To remediate this issue DELETE the instruction\u00a0\u201cShow dialogue with caption %Caption% and message %Message%\u201d from the list of instructions in the Settings UI, and replace it with the new instruction\u00a01E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as\u00a0\u201cShow %Type% type notification with header %Header% and message %Message%\u201d with a version of 7.1 or above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-11-06T16:25:51.000000Z"}]}