IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140047.
NVIDIA GeForce Experience, all versions prior to 3.22, contains a vulnerability in GameStream plugins where log files are created using NT/System level permissions, which may lead to code execution, denial of service, or local privilege escalation. The attacker does not have control over the consequence of a modification nor would they be able to leak information as a direct result of the overwrite.
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140044.
IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) contains a vulnerability that could allow a local user to overwrite arbitrary files owned by the DB2 instance owner. IBM X-Force ID: 140043.
A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. This is similar to, but not the same as CVE-2021-44024. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Windows 10 Update Assistant Elevation of Privilege Vulnerability
Windows Mobile Device Management Elevation of Privilege Vulnerability
A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files.
A link following denial-of-service (DoS) vulnerability in the Trend Micro Security (Consumer) 2021 familiy of products could allow an attacker to abuse the PC Health Checkup feature of the product to create symlinks that would allow modification of files which could lead to a denial-of-service.
Improper Link Resolution Before File Access (invoked by 1EāExplorerāTachyonCoreāDeleteFileByPath instruction) in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a lowāprivileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is followed when the delete instruction executes.
The Mozilla Maintenance Service "helper.exe" application creates a temporary directory writable by non-privileged users. When this is combined with creation of a junction (a form of symbolic link), protected files in the target directory of the junction can be deleted by the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.
In WIBU CodeMeter Runtime before 7.30a, creating a crafted CmDongles symbolic link will overwrite the linked file without checking permissions.
Microsoft Windows Update Client Elevation of Privilege Vulnerability
Windows Installer Denial of Service Vulnerability
Improper Link Resolution Before File Access ('Link Following') vulnerability in the EPAG component of Bitdefender Endpoint Security Tools for Windows allows a local attacker to cause a denial of service. This issue affects: Bitdefender GravityZone version 7.1.2.33 and prior versions.
Prior to SEP 12.1 RU6 MP9 & SEP 14 RU1 Symantec Endpoint Protection Windows endpoint can encounter a situation whereby an attacker could use the product's UI to perform unauthorized file deletes on the resident file system.
Windows InstallService Elevation of Privilege Vulnerability
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668.
Windows Update Service Elevation of Privilege Vulnerability
User Profile Service Denial of Service Vulnerability
The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 SP2 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
Buffer overflow in backup utility of Microsoft Windows 95 allows attackers to execute arbitrary code by causing a filename with a long extension to be placed in a folder to be backed up.
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.
Azure Monitor Agent Elevation of Privilege Vulnerability
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
Versions 10.0, 11.0 and 12.0 of the Trend Micro Deep Security Agent are vulnerable to an arbitrary file delete attack, which may lead to availability impact. Local OS access is required. Please note that only Windows agents are affected.
The Duo Authentication Proxy installer prior to 5.2.1 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Duo Authentication Proxy installer, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. This is only exploitable during new installations, while the installer is running, and is not exploitable once installation has finished. Versions 5.2.1 of Duo Authentication Proxy installer addresses this issue.
An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files. This issue affects Palo Alto Networks Traps 5.0 versions before 5.0.8; 6.1 versions before 6.1.4 on Windows. This issue does not affect Cortex XDR 7.0. This issue does not affect Traps for Linux or MacOS.
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks, aka 'Windows User Profile Service Elevation of Privilege Vulnerability'.
Windows Update Stack Setup Elevation of Privilege Vulnerability
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input data size is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
NVIDIA vGPU software contains a vulnerability in the guest kernel mode driver and vGPU plugin, in which an input index is not validated, which may lead to tampering of data or denial of service. This affects vGPU version 8.x (prior to 8.6) and version 11.0 (prior to 11.3).
NVIDIA GeForce Experience, all versions prior to 3.21, contains a vulnerability in GameStream (rxdiag.dll) where an arbitrary file deletion due to improper handling of log files may lead to denial of service.
Azure Monitor Agent Elevation of Privilege Vulnerability
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p>
<p>An elevation of privilege vulnerability exists when Microsoft Windows improperly handles reparse points. An attacker who successfully exploited this vulnerability could overwrite or delete a targeted file that would normally require elevated permissions.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and overwrite or delete files.</p> <p>The security update addresses the vulnerability by correcting how Windows handles reparse points.</p>
<p>An elevation of privilege vulnerability exists when the Windows Application Compatibility Client Library improperly handles registry operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.</p> <p>To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.</p> <p>The security update addresses the vulnerability by ensuring the Windows Application Compatibility Client Library properly handles registry operations.</p>
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p>
Windows Print Spooler Elevation of Privilege Vulnerability
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p> <p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p> <p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p>
An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372.
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.
An elevation of privilege vulnerability exists when a Windows scheduled task improperly handles file redirections, aka 'Windows Scheduled Task Elevation of Privilege Vulnerability'.