CVE-2024-28131
📋 TL;DR
EasyRange Ver 1.41 has a path search order vulnerability where it may execute malicious files from the same folder as extracted files instead of legitimate system executables. This allows attackers to execute arbitrary code with the program's privileges. All users of EasyRange Ver 1.41 are affected.
💻 Affected Systems
- EasyRange
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise if EasyRange runs with administrative privileges, allowing attackers to install malware, steal data, or create persistent backdoors.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive files, system configuration changes, or installation of additional malware.
If Mitigated
Limited impact if EasyRange runs with minimal privileges and proper application whitelisting is enforced.
🎯 Exploit Status
Exploitation requires user interaction (extracting and opening files), but path search order hijacking is a well-understood technique.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: None available
Vendor Advisory: None - developer unreachable according to JVN
Restart Required: No
Instructions:
No official patch available. Users should stop using EasyRange Ver 1.41 entirely.
🔧 Temporary Workarounds
Uninstall EasyRange
Windows: Completely remove EasyRange Ver 1.41 from all systems
Control Panel > Programs > Uninstall a program > Select EasyRange > Uninstall
Disable Explorer Integration
Windows: Remove EasyRange from file associations and context menus
reg delete "HKEY_CLASSES_ROOT\*\shell\EasyRange" /f
reg delete "HKEY_CLASSES_ROOT\Directory\shell\EasyRange" /f
🧯 If You Can't Patch
- Run EasyRange with minimal user privileges (not as administrator)
- Implement application control policies to prevent execution of unauthorized binaries from user directories
🔍 How to Verify
Check if Vulnerable:
Check if EasyRange version 1.41 is installed via Control Panel or by checking the program's About dialog
Check Version:
wmic product where name="EasyRange" get version
Verify Fix Applied:
Verify EasyRange is no longer installed or has been updated to a different version
📡 Detection & Monitoring
Log Indicators:
- Process creation events showing EasyRange executing from unusual locations
- File extraction events followed by executable launches from same directory
Network Indicators:
- Unusual outbound connections from EasyRange process
SIEM Query:
Process Creation where Image contains "EasyRange" and CommandLine contains user-writable paths
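Added example (not part of the original advisory, not vendor code): the query and log indicators above, written as Python that runs over process-creation records. Field names follow Sysmon Event ID 1; the executable name fragment, install path, trusted directory list and sample records are assumptions constructed for illustration.

```python
import ntpath

TARGET = "easyrange"  # assumed fragment of the executable name; not given on the page
# Assumed trusted install locations and user-writable markers; adjust per environment.
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")

def norm(path):
    """Lower-case, backslash-only path with '..' segments resolved."""
    return ntpath.normcase(ntpath.normpath(path))

def classify(event):
    """Return the names of the rules one process-creation record matches."""
    image = norm(event["Image"])
    parent = norm(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "").lower().replace("/", "\\")
    findings = []
    # Rule 1, the page's query: EasyRange run against a user-writable path.
    if TARGET in ntpath.basename(image) and any(m in cmdline for m in USER_WRITABLE):
        findings.append("easyrange-on-user-writable-path")
    # Rule 2: EasyRange spawned a binary that is not under a trusted directory.
    if TARGET in ntpath.basename(parent) and not image.startswith(TRUSTED_DIRS):
        findings.append("untrusted-child-of-easyrange")
    return findings

def scan(events):
    """Return (index, findings) for every record that matches a rule."""
    hits = [(i, classify(e)) for i, e in enumerate(events)]
    return [(i, f) for i, f in hits if f]

# Constructed sample records; paths and file names are illustrative only.
ER = "C:\\Program Files\\EasyRange\\EasyRange.exe"
DL = "C:\\Users\\alice\\Downloads\\report"
SAMPLE = [
    {"Image": ER, "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": f'"{ER}" "{DL}.zip"'},
    {"Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": ER,
     "CommandLine": "notepad.exe readme.txt"},
    {"Image": DL + "\\notepad.exe", "ParentImage": ER,
     "CommandLine": "notepad.exe readme.txt"},
    {"Image": "C:\\Windows\\..\\Users\\alice\\Downloads\\report\\notepad.exe",
     "ParentImage": ER, "CommandLine": "notepad.exe readme.txt"},
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLE):
        print(index, SAMPLE[index]["Image"], findings)
```

Rule 1 matches ordinary use of the tool on a downloaded archive, so treat it as context; rule 2 (a child image outside trusted directories, including paths that only look trusted before '..' is resolved) is the higher-signal indicator.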