How severe is CVE-2024-5924?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2024-5924?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2024-5924 - HIGH Severity | CVSS 8.8

Vulnerability Description

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of shared folders. When syncing files from a shared folder belonging to an untrusted account, the Dropbox desktop application does not apply the Mark-of-the-Web to the local files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23991.

Related Vulnerabilities

CVE-2017-10952

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-1170

HIGH

CVSS:8.8(High)

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent...

CWE-6932018

CVE-2018-14280

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932018

CVE-2018-14281

HIGH

CVSS:8.8(High)

CWE-6932018

CVE-2019-13516

HIGH

CVSS:8.8(High)

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

CWE-6932019

CVE-2021-31982

HIGH

CVSS:8.8(High)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932021