KioWare for Windows (versions all through 8.34) allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently, launch any program with user privileges.
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Kioware | Kioware | * | 8.34 (including) |