CVE-2023-44437

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Ashlar-Vellum Cobalt installations by tricking a user into opening a malicious file or visiting a malicious page. The flaw lies in how the software loads a library from an unsecured location, so an attacker can run code with the privileges of the current process. Users of Ashlar-Vellum Cobalt who open untrusted files are affected.

💻 Affected Systems

Products:
  • Ashlar-Vellum Cobalt
Versions: Specific versions are not given in the provided references; all versions before the patched version are likely affected
Operating Systems: Windows, Linux, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: User interaction required - victim must open malicious file or visit malicious page

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through remote code execution, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or malware installation when users open malicious files from untrusted sources.

🟢 If Mitigated

Limited impact with proper user training and file restrictions, though the vulnerability remains present.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious file is opened

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-23-1595/

Restart Required: Yes

Instructions:

1. Visit Ashlar-Vellum official website
2. Download latest patched version
3. Install update following vendor instructions
4. Restart system if prompted

🔧 Temporary Workarounds

Restrict file execution from untrusted locations (applies to: all)

Configure the system to prevent execution of files from temporary directories and network shares

User training and file restrictions (applies to: all)

Educate users to avoid opening untrusted files and implement policies to restrict file types

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables
  • Use endpoint protection with behavior monitoring to detect exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Ashlar-Vellum Cobalt version against vendor's patched version list

Check Version:

Check application 'About' menu or installation directory for version information

Verify Fix Applied:

Verify installation of latest patched version from vendor

📡 Detection & Monitoring

Log Indicators:

  • Unexpected DLL/library loads from unusual locations
  • Process spawning from Ashlar-Vellum Cobalt

Network Indicators:

  • Unusual outbound connections from Ashlar-Vellum process

SIEM Query:

Process creation where parent process is Ashlar-Vellum Cobalt AND command line contains suspicious library paths
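The two log indicators above (a library load from an unusual location, and process spawning from Cobalt) can be turned into a small triage script. The following is an added example, not part of this advisory or of any Ashlar-Vellum tooling: it reads flat records that use the Sysmon field names Image, ImageLoaded, ParentImage and CommandLine, and flags the Cobalt process loading a library from a temp, downloads or network-share path, or spawning any child process. The executable name `Cobalt.exe`, the record format and every log line are constructed assumptions; adjust the image name and the untrusted-location patterns to the real install.

```python
"""Triage the advisory's log indicators for Ashlar-Vellum Cobalt.

Added example (not from the advisory): scans Sysmon-style image-load
(EventID 7) and process-create (EventID 1) records. 'Cobalt.exe', the flat
'Key=Value|Key=Value' record format and all sample lines are constructed
assumptions for this example."""
import re
from typing import Dict, List

# Executable name of Ashlar-Vellum Cobalt: an assumption, the advisory does
# not name the binary. Matched at the end of the Image / ParentImage path.
COBALT_IMAGE_RE = re.compile(r"\\cobalt\.exe$", re.IGNORECASE)

# Locations a trusted CAD application should not be loading libraries from:
# user temp and download folders, the system temp folder, and any UNC path.
UNTRUSTED_LOCATION_RES = [
    re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE),
    re.compile(r"\\Users\\[^\\]+\\Downloads\\", re.IGNORECASE),
    re.compile(r"\\Windows\\Temp\\", re.IGNORECASE),
    re.compile(r"^\\\\"),  # path starts with \\ : a network share
]


def parse_record(line: str) -> Dict[str, str]:
    """Parse one 'Key=Value|Key=Value' record into a dict (constructed format)."""
    fields: Dict[str, str] = {}
    for part in line.strip().split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def is_untrusted_location(path: str) -> bool:
    """True if the library path lies in one of the untrusted locations."""
    return any(rx.search(path) for rx in UNTRUSTED_LOCATION_RES)


def analyze(lines: List[str]) -> List[Dict[str, str]]:
    """Return one alert per record that matches an advisory log indicator."""
    alerts: List[Dict[str, str]] = []
    for line in lines:
        rec = parse_record(line)
        event_id = rec.get("EventID")
        # Indicator 1: Cobalt loads a DLL/library from an unusual location.
        if event_id == "7" and COBALT_IMAGE_RE.search(rec.get("Image", "")):
            loaded = rec.get("ImageLoaded", "")
            if is_untrusted_location(loaded):
                alerts.append({"reason": "untrusted_library_load",
                               "process": rec["Image"], "detail": loaded})
        # Indicator 2: any process whose parent is Cobalt. A CAD application
        # normally does not launch child processes, so every hit is reviewed.
        elif event_id == "1" and COBALT_IMAGE_RE.search(rec.get("ParentImage", "")):
            alerts.append({"reason": "child_process",
                           "process": rec.get("ParentImage", ""),
                           "detail": rec.get("CommandLine", rec.get("Image", ""))})
    return alerts


# Constructed sample records: two benign, three that should alert.
SAMPLE_LOG = [
    r"EventID=7|Image=C:\Program Files\Ashlar-Vellum\Cobalt.exe|ImageLoaded=C:\Windows\System32\kernel32.dll",
    r"EventID=7|Image=C:\Program Files\Ashlar-Vellum\Cobalt.exe|ImageLoaded=C:\Users\alice\AppData\Local\Temp\render.dll",
    r"EventID=7|Image=C:\Program Files\Ashlar-Vellum\Cobalt.exe|ImageLoaded=\\fileserver\shared\plugin.dll",
    r"EventID=7|Image=C:\Windows\explorer.exe|ImageLoaded=C:\Users\alice\AppData\Local\Temp\other.dll",
    r"EventID=1|Image=C:\Windows\System32\cmd.exe|ParentImage=C:\Program Files\Ashlar-Vellum\Cobalt.exe|CommandLine=cmd.exe /c echo test",
    r"EventID=1|Image=C:\Windows\System32\notepad.exe|ParentImage=C:\Windows\explorer.exe|CommandLine=notepad.exe",
]

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(f"{alert['reason']}: {alert['process']} -> {alert['detail']}")
```

The fourth sample line (explorer.exe loading from Temp) is deliberately ignored: the indicator is scoped to the Cobalt process, which keeps the rule from firing on every user-mode temp-folder load on the host. Feed real Sysmon events through the same two checks by mapping the fields of Event ID 7 and Event ID 1 into the dict that `analyze` expects.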
