GHSA-w78p-vwm4-m8q9HighCVSS 7.8

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that...

Published
June 18, 2026
Last Modified
June 18, 2026

🔗 CVE IDs covered (1)

📋 Description

Punto Switcher through 4.5.0.583 contains an unquoted search path element vulnerability that allows local attackers to execute arbitrary code by exploiting the application's call to WinExec without a fully qualified path for RunDll32.exe when invoking shell32.dll Control_RunDLL input.dll. Attackers can place a malicious executable earlier in the search order to achieve arbitrary code execution in the context of the affected user.

🔗 References (5)