Impact
According to the updated description, Hex‑Rays IDA Pro 9.2 and 9.3 before 9.3sp2 do not block Clang dependency‑file generation, so an attacker can supply a crafted .i64 file that injects arguments into the compilation process. The injected arguments permit writing arbitrary files into the user’s plugins directory. If the attacker controls that directory, the malicious code will be executed automatically when IDA launches, leading to arbitrary code execution and potential privilege escalation. The vulnerability is classified as CWE‑88 (argument injection).
Affected Systems
The issue affects Hex‑Rays IDA Pro versions 9.2 and the pre‑9.3sp2 releases of 9.3. Users running these versions on any operating system are vulnerable if they open a malicious .i64 file in an environment where the plugins folder is writable.
Risk and Exploitability
The CVSS score of 6.5 reflects moderate severity. No EPSS score is available, so the probability of exploitation is not quantified, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires a manipulated .i64 file and uses a local attack vector: the victim must open the file. Proper version control and verification of files are required to mitigate the threat. If the attacker succeeds, the impact could reach full system compromise.
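A defender-side check for the conditions described above, as an added example that is not from Hex‑Rays or this advisory: it classifies a version string against the affected range and lists files in a plugins directory that are new or changed relative to a recorded hash baseline. The `MAJOR.MINOR[spN]` version format, the function names and the directory passed in are assumptions.

```python
import hashlib
import os
import re
import tempfile

# Assumed version format "MAJOR.MINOR[spN]", as written in the advisory text.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:sp(\d+))?$", re.IGNORECASE)


def is_affected(version):
    """True for 9.2 and for 9.3 releases before 9.3sp2."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, sp = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    if (major, minor) == (9, 2):
        return True
    return (major, minor) == (9, 3) and sp < 2


def snapshot(plugins_dir):
    """Map each file under plugins_dir (relative path) to its SHA-256."""
    result = {}
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            path = os.path.join(root, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            result[os.path.relpath(path, plugins_dir)] = digest
    return result


def unexpected_files(baseline, current):
    """Files that are new or whose content changed since the baseline."""
    return sorted(p for p, h in current.items() if baseline.get(p) != h)


def demo():
    # Constructed sample: a temporary directory stands in for the plugins folder.
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "known_plugin.py"), "w") as fh:
            fh.write("# reviewed plugin\n")
        baseline = snapshot(d)
        with open(os.path.join(d, "dropped.py"), "w") as fh:
            fh.write("# file that appeared after the baseline\n")
        return unexpected_files(baseline, snapshot(d))


if __name__ == "__main__":
    print(is_affected("9.3sp1"), demo())
```

Record the baseline before opening .i64 files from untrusted sources and compare again before the next IDA launch.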
OpenCVE Enrichment