CVE-2023-37646: 
Bitberry File Opener vulnerability analysis and mitigation

A directory traversal vulnerability was discovered in Bitberry File Opener version 23.0, identified as CVE-2023-37646. The vulnerability exists in the CAB file extraction function, which allows attackers to execute directory traversal attacks. This vulnerability was disclosed on July 10, 2023, and affects the core functionality of the file opening software (CVE Details, NVD).

The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue stems from improper validation of file paths embedded in CAB files during the extraction process. When concatenating a file path from the CAB file to the current directory, the application fails to properly sanitize or validate the path, leading to directory traversal. This vulnerability has been classified under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) (NVD).

The vulnerability allows attackers to write arbitrary files into the startup folder through crafted CAB files. This capability can ultimately lead to remote code execution when a user opens a maliciously crafted file. The high CVSS score reflects the severe potential impact on system confidentiality, integrity, and availability (GitHub Advisory).

Users of Bitberry File Opener v23.0 should exercise caution when opening CAB files from untrusted sources. As this is a security vulnerability in a core function of the software, users should monitor the vendor's website for security updates and patches (Bitberry).