CVE-2023-49147: 
PDF24 Creator vulnerability analysis and mitigation

An issue was discovered in PDF24 Creator 11.14.0 and 11.15.1. The vulnerability (CVE-2023-49147) was found in the MSI installer configuration, which produces a visible cmd.exe window when using the repair function of msiexec.exe. The vulnerability was discovered on October 16, 2023, and affects PDF24 Creator versions up to 11.15.1. A fix was released in version 11.15.2 on December 8, 2023 (SEC Consult Advisory).

The vulnerability exists in the MSI installer's repair functionality. When using the repair function of msiexec.exe, the sub-process pdf24-PrinterInstall.exe gets called with SYSTEM privileges and performs a write action on the file 'C:\Program Files\PDF24\faxPrnInst.log'. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) (NVD).

This vulnerability allows an unprivileged local attacker to escalate privileges to SYSTEM level, effectively gaining full control over the affected system. The successful exploitation enables the attacker to execute arbitrary code with the highest system privileges (SEC Consult Advisory).

The vendor has released version 11.15.2 which patches this vulnerability. Users are strongly advised to update to this version immediately. As a workaround, users can utilize the available EXE installer instead of the MSI installer (SEC Consult Advisory).