CVE-2023-34407

7.5 HIGH

📋 TL;DR

CVE-2023-34407 is a directory traversal vulnerability in Harbinger Offline Player's OfflinePlayerService.exe that allows attackers to access arbitrary files on the system by using '..\' sequences in URLs. This affects systems running Harbinger Offline Player 4.0.6.0.2, potentially exposing sensitive data or enabling further system compromise.

💻 Affected Systems

Products:
  • Harbinger Offline Player
Versions: 4.0.6.0.2
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default installation of OfflinePlayerService.exe which runs with LocalSystem privileges.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise via LocalSystem privilege escalation leading to complete control of the affected system, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Unauthorized file access and potential credential theft from system files, configuration files, or application data.

🟢 If Mitigated

Limited impact with proper network segmentation and file system permissions preventing access to critical system files.

🌐 Internet-Facing: HIGH if the service is exposed to the internet, as exploitation requires no authentication and a public proof-of-concept is available.
🏢 Internal Only: MEDIUM for internal networks, as attackers would need initial access but could then escalate privileges and move laterally.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates directory traversal via URL manipulation. Exploitation is straightforward with no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Check vendor website for updates or consider workarounds.

🔧 Temporary Workarounds

Network Access Restriction (Windows)

Block network access to OfflinePlayerService.exe using firewall rules

netsh advfirewall firewall add rule name="Block OfflinePlayerService" dir=in action=block program="C:\Path\To\OfflinePlayerService.exe" enable=yes

Service Disablement (Windows)

Disable the OfflinePlayerService if not required

sc config OfflinePlayerService start= disabled
sc stop OfflinePlayerService

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate affected systems
  • Apply the principle of least privilege to file system permissions and monitor for unusual file access patterns

🔍 How to Verify

Check if Vulnerable:

Check if OfflinePlayerService.exe version 4.0.6.0.2 is running and accessible on the network

Check Version:

wmic datafile where name="C:\\Path\\To\\OfflinePlayerService.exe" get version

Verify Fix Applied:

Verify service is no longer accessible or has been updated to a patched version

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns from OfflinePlayerService.exe
  • URL requests containing '..\' sequences

Network Indicators:

  • Traffic to OfflinePlayerService.exe on unusual ports
  • Multiple sequential file access requests

SIEM Query:

source="OfflinePlayerService.exe" AND (url="*..\\*" OR file_access="*..\\*")
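
A literal match on '..\' misses percent-encoded and forward-slash forms of the same sequence. The Python check below is an added example, not code from the vendor or the original advisory: it decodes each request path before looking for parent-directory segments. The "METHOD path" line layout, the sample requests and all function names are constructed assumptions, since the service's real log format is not given here.

```python
from urllib.parse import unquote

# Constructed sample request lines; the real service log layout is not
# documented in the advisory, so "METHOD path" is an assumption.
SAMPLE_LINES = [
    "GET /content/course1/index.html",
    "GET /content/..\\..\\target.txt",
    "GET /content/%2e%2e%5c%2e%2e%5ctarget.txt",
    "GET /content/%252e%252e%255ctarget.txt",
    "GET /content/release..notes.txt",
    "GET /content/a/../b.html",
]
MAX_DECODE_ROUNDS = 3  # bound repeated decoding of nested %25 encodings


def normalize_path(raw: str) -> str:
    """Percent-decode until stable (bounded) and unify separators to '/'."""
    path = raw
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(raw: str) -> bool:
    """True if any path segment, after normalization, is exactly '..'."""
    path = normalize_path(raw.split("?", 1)[0])  # path part only, query ignored
    return any(seg == ".." for seg in path.split("/"))


def flag_requests(lines):
    """Return request paths from 'METHOD path' lines that contain traversal."""
    hits = []
    for line in lines:
        parts = line.split(" ", 1)
        if len(parts) == 2 and has_traversal(parts[1]):
            hits.append(parts[1])
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LINES):
        print("traversal:", hit)
```

Matching whole segments rather than the substring ".." keeps names such as release..notes.txt from raising false positives.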
