By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability.
SoftPerfect NetWorx 7.1.1 on Windows allows an attacker to execute a malicious binary with potentially higher privileges via a low-privileged user account that abuses the Notifications function. The Notifications function allows for arbitrary binary execution and can be modified by any user. The resulting binary execution will occur in the context of any user running NetWorx. If an attacker modifies the Notifications function to execute a malicious binary, the binary will be executed by every user running NetWorx on that system.
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.
An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to every single path on the file system, because the webserver is running with the highest privileges available.
Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access.
An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.
Sensitive information disclosure due to insecure registry permissions. The following products are affected: Acronis Agent (Windows) before build 30025, Acronis Cyber Protect 15 (Windows) before build 30984.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30161, Acronis Cyber Protect 15 (Windows) before build 30984.
Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access.
A vulnerability in the exacqVision Enterprise System Manager (ESM) v5.12.2 application whereby unauthorized privilege escalation can potentially be achieved. This vulnerability impacts exacqVision ESM v5.12.2 and all prior versions of ESM running on a Windows operating system. This issue does not impact any Windows Server OSs, or Linux deployments with permissions that are not inherited from the root directory. Authorized Users have ‘modify’ permission to the ESM folders, which allows a low privilege account to modify files located in these directories. An executable can be renamed and replaced by a malicious file that could connect back to a bad actor providing system level privileges. A low privileged user is not able to restart the service, but a restart of the system would trigger the execution of the malicious file. This issue affects: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) Version 5.12.2 and prior versions; This issue does not affect: Exacq Technologies, Inc. exacqVision Enterprise System Manager (ESM) 19.03 and above.
Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to read and write specific files due to weak file permissions. IBM X-Force ID: 192469.
NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges.
IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to. IBM X-Force ID: 175638.
Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation.This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.
Incorrect Default Permissions vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Analytics probe component), Hitachi Ops Center Analyzer on Linux (Analyzer probe component), Hitachi Ops Center Viewpoint on Linux (Viewpoint RAID Agent component) allows local users to read and write specific files. This issue affects Hitachi Infrastructure Analytics Advisor: from 2.0.0-00 through 4.4.0-00; Hitachi Ops Center Analyzer: from 10.0.0-00 before 10.9.0-00; Hitachi Ops Center Viewpoint: from 10.8.0-00 before 10.9.0-00.
The Microsoft Windows Installer for Atlassian Bitbucket Server and Data Center before version 6.10.9, 7.x before 7.6.4, and from version 7.7.0 before 7.10.1 allows local attackers to escalate privileges because of weak permissions on the installation directory.
An elevation of privilege vulnerability exists in Active Directory Forest trusts due to a default setting that lets an attacker in the trusting forest request delegation of a TGT for an identity from the trusted forest, aka 'Active Directory Elevation of Privilege Vulnerability'.
Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges. This issue affects all versions Secdo for Windows.
An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions. A locally authenticated attacker could run arbitrary code with elevated system privileges. After successfully exploiting the vulnerability, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The security update addresses the vulnerability by ensuring Windows Setup properly handles permissions.
Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline.
A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.
Microsoft Defender Security Feature Bypass Vulnerability
Incorrect default permissions in the Intel(R) RealSense(TM) D400 Series Dynamic Calibration Tool before version 2.11, may allow an authenticated user to potentially enable escalation of privilege via local access.
The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event-subscription URL, aka the CallStranger issue.
Insecure inherited permissions in the HotKey Services for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.1.44 may allow an authenticated user to potentially enable escalation of privilege via local access.
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege.
IBM Sterling B2B Integrator Standard Edition 6.1.0.0 through 6.1.1.1, and 6.1.2.0 could allow an authenticated user to perform actions they should not have access to due to improper permission controls. IBM X-Force ID: 235597.
A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer.
Incorrect Default Permissions vulnerability in Hitachi Ops Center Analyzer on Windows (Hitachi Ops Center Analyzer RAID Agent component) allows local users to read and write specific files.This issue affects Hitachi Ops Center Analyzer: from 10.9.0-00 before 10.9.0-01.
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Agent (Windows) before build 30430, Acronis Cyber Protect 15 (Windows) before build 30984.
Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.
Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.
IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one.
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability".
A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to various security risks, including the escalation of privileges, denial of service, or information disclosure.
Incorrect default permissions in the Audio Service for some Intel(R) NUC P14E Laptop Element software for Windows 10 before version 1.0.0.156 may allow an authenticated user to potentially enable escalation of privilege via local access.
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.