Knowledge Base
All KB
Documents DT Documents
Articles & FAQs AR Articles
Trouble Reports TR Trouble Reports
Software Updates SU Software Updates
Searching in : Trouble report
ID:TR07V11184
Added on: 2024-07-17
Last Update: 2024-08-02
Solved in version: 8.12.13 - 7.15.6
Platform: All Windows Platforms
Product: NoMachine Server
Severity: Critical
Status: Solved
Print this article

Incorrect permissions in the installation directory on Windows (CVE-2024-7253)

The following problem has been reported by https://www.zerodayinitiative.com/advisories/ZDI-24-1042/ and assigned with CVE-2024-7253.


Permissions of folder C:\ProgramData\NoMachine\nxserver are too wide and unprivileged users could inject a .dll to execute malicious code during the the loading of the nxserver service.

 

 

This issue affected both NoMachine v8 and v7 and has been solved in v8.12.13 (https://kb.nomachine.com/SU07V00257) and v7.15.6 (https://kb.nomachine.com/SU07V00258) respectively.

SOLVED, Released in version 8.12.13 - 7.15.6