OM Digital Solutions OM Workspace Insecure DLL Loading Vulnerability Allowing Arbitrary Code Execution
Vulnerability
A vulnerability exists in the installer for OM Workspace (Windows Edition) versions through 2.4. The issue arises from the installer insecurely loading Dynamic Link Libraries (DLLs), which could enable an attacker to execute arbitrary code with the privileges of the user running the installer. This vulnerability is exploited by persuading a user to download a maliciously crafted DLL, place it in the same directory as the installer, and then execute the installer.
Impact
Exploitation of this vulnerability could lead to arbitrary code execution with the privileges of the user who invoked the installer.
Remediation
Users are advised to update to the latest version of OM Workspace. The current installer available on the OM Digital Solutions website has been updated to address this vulnerability. For those already using OM Workspace, the software can be updated from the Help menu or by downloading the latest installer and reinstalling the application.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.