CVE-2023-49797

Summary

CVE-2023-49797 is a vulnerability affecting PyInstaller, a tool used to bundle Python applications and their dependencies into a single package. This vulnerability allows an unprivileged attacker to trick a privileged PyInstaller built application into deleting files that the attacker does not have access to. To exploit this vulnerability, the attacker needs to carefully time the replacement of a temporary file with a symlink. The vulnerability only affects users who run an application containing either `matplotlib` or `win32com`, and the application is run as an administrator or with higher privileges than the attacker. Additionally, if the user's temporary directory is not locked and points to an unprotected location, they are also vulnerable. To remediate this vulnerability, users should ensure that their temporary directory is locked to their specific user and update PyInstaller to a version that includes protection for Python 3.7.x or earlier. The potential danger posed by this vulnerability is high, as it can result in unauthorized deletion of critical files and compromise the integrity and confidentiality of an organization's data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.