EUVD-2026-23916
GHSA-62jj-2mw3-wfp2
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.7 and before allows a local attacker to execute arbitrary code via a crafted file
AnalysisAI
Local privilege escalation in DeepCool DeepCreative software version 1.2.7 and earlier allows unauthenticated attackers to execute arbitrary code with elevated privileges through malicious file processing. The vulnerability stems from insecure permission configuration (CWE-277) requiring user interaction to open a crafted file. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Identify all DeepCreative installations across the organization using inventory tools and isolate systems running version 1.2.7 or earlier from network file shares. Within 7 days: Implement application whitelisting or disable DeepCreative until an update is available; distribute user advisory prohibiting opening DeepCreative files from untrusted sources. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today