← Back

Reflect

reflect

Vendor: Macrium • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-43896
1Macrium
1Reflect
Jun 17, 2026
Oct 10, 2023
N/A· v4
7.8 HIGH· v3
N/A· v2
A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.
CVE-2020-10143
1Macrium
1Reflect
Jun 17, 2026
Dec 9, 2020
N/A· v4
7.8 HIGH· v3
7.2 HIGH· v2
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can c...Show more
Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. Macrium Reflect contains a privileged service that uses this OpenSSL component. Because unprivileged Windows users can create subdirectories off of the system root, a user can create the appropriate path to a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.Show less