Primary

Context

Plain Craft Launcher WebBrowser Control Vulnerability Allowing Unnoticed Webpage Access via Internet Explorer

Vulnerability

Patched

A vulnerability in Plain Craft Launcher (PCL) versions through 2.9.2 allows for unnoticed access to specified webpages via Internet Explorer. This occurs when a user selects a malicious homepage that utilizes WebBrowser controls, which WPF applications load using Internet Explorer in the background. The vulnerability has been addressed in PCL version 2.9.3 by disabling unsafe controls, adding more security checks, and providing warnings before using third-party homepages.

Impact

Exploitation of this vulnerability could lead to unauthorized access of webpages specified by the user, without their knowledge.

Remediation

Users are advised to update Plain Craft Launcher to version 2.9.3 or later.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Plain Craft Launcher WebBrowser Control Vulnerability Allowing Unnoticed Webpage Access via Internet Explorer

Vulnerability

Impact

Remediation

Affected Products

Hex-Dragon Plain Craft Launcher

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating