CVE-2023-45799

7.2 HIGH

📋 TL;DR

This vulnerability in MLSoft TCO!stream allows attackers to trick victims into downloading and executing arbitrary files due to insufficient permission validation. It affects all users of TCO!stream versions 8.0.22.1115 and below, potentially leading to remote code execution.

💻 Affected Systems

Products:
  • MLSoft TCO!stream
Versions: 8.0.22.1115 and below
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise through remote code execution, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Malware installation, credential theft, or unauthorized access to sensitive data through file execution.

🟢 If Mitigated

Limited impact if network segmentation, application allowlisting, and user awareness training are implemented.

🌐 Internet-Facing: HIGH - Attackers can exploit this remotely to compromise systems.
🏢 Internal Only: HIGH - Internal attackers or compromised accounts can exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires user interaction (victim downloading/executing), but exploitation is straightforward once the malicious file is delivered.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version above 8.0.22.1115

Vendor Advisory: https://www.boho.or.kr/kr/bbs/view.do?bbsId=B0000133&nttId=71008&menuNo=205020

Restart Required: Yes

Instructions:

1. Download the latest version from MLSoft.
2. Back up the current configuration.
3. Install the update.
4. Restart the TCO!stream service.
5. Verify functionality.

🔧 Temporary Workarounds

Network Segmentation (Platform: all)

Isolate TCO!stream servers from critical systems and limit internet access.

Application Control (Platform: windows)

Implement application allowlisting to prevent execution of unauthorized files.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious file execution

🔍 How to Verify

Check if Vulnerable:

Check TCO!stream version in application settings or About dialog.

Check Version:

Check application GUI or registry: HKEY_LOCAL_MACHINE\SOFTWARE\MLSoft\TCO!stream

Verify Fix Applied:

Verify version is above 8.0.22.1115 and test file download/execution functionality.
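
The version check above can be scripted as follows. This is an added example, not vendor tooling or code from the advisory. It assumes the registry key named above exists on the host and that one of its string values holds a dotted four-part version; the advisory does not name that value, so the script scans all of them.

```powershell
# Added example: run locally on the host being checked.
# The key path is the one given in this advisory. The name of the value that
# holds the version is NOT given, so every string value is scanned
# (assumption: one of them contains a version such as 8.0.22.1115).
$KeyPath        = 'HKLM:\SOFTWARE\MLSoft\TCO!stream'
$LastVulnerable = [version]'8.0.22.1115'

function Get-TcoStreamVersion {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $props = Get-ItemProperty -LiteralPath $Path
    foreach ($p in $props.PSObject.Properties) {
        # Skip the metadata properties added by the registry provider.
        if ($p.Name -in 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') { continue }
        if ($p.Value -is [string] -and $p.Value -match '\b(\d+\.\d+\.\d+\.\d+)\b') {
            return [pscustomobject]@{ ValueName = $p.Name; Version = [version]$Matches[1] }
        }
    }
    return $null
}

function Test-TcoStreamVulnerable {
    param([version]$Installed, [version]$Threshold)
    # "8.0.22.1115 and below" is affected, so an equal version is vulnerable.
    return ($Installed -le $Threshold)
}

$found = Get-TcoStreamVersion -Path $KeyPath
if ($null -eq $found) {
    Write-Output "No version string found under $KeyPath; check the About dialog instead."
} elseif (Test-TcoStreamVulnerable -Installed $found.Version -Threshold $LastVulnerable) {
    Write-Output "VULNERABLE: $($found.Version) (value '$($found.ValueName)') is at or below $LastVulnerable."
} else {
    Write-Output "OK: $($found.Version) (value '$($found.ValueName)') is above $LastVulnerable."
}
```

Casting to `[version]` compares the four fields numerically, which avoids the string-comparison error where "8.0.9.0" would sort above "8.0.22.1115".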

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file downloads via TCO!stream
  • Execution of unfamiliar executables from TCO!stream directories

Network Indicators:

  • Unusual outbound connections from TCO!stream servers
  • File downloads from suspicious sources

SIEM Query:

source="TCO!stream" AND (event="file_download" OR event="execute") AND file_extension IN ("exe", "bat", "ps1")
