CVE-2024-36071

Published: Jun 20, 2024Modified: Jun 3, 2025

6.3

Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Exploitability: 0.3 / Impact: 5.9

Source: NVD

Description

Samsung Magician 8.0.0 on Windows allows an admin to escalate privileges by tampering with the directory and DLL files used during the installation process. This occurs because of an Untrusted Search Path.

Affected (1)

Products: Samsung: Magician

Samsung

1 product

Magician

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Samsung Magician	Version 8.0.0

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-426

Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

References (2)

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Source: cve@mitre.org

Vendor Advisory

https://semiconductor.samsung.com/support/quality-support/product-security-updates/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.