Alan Mccarty

Name of the Vulnerable Software and Affected Versions: Dantz Retrospect Client version 5.0.540 Dantz Retrospect Client (affected versions not specified, possibly other versions than 5.0.540) Description: The issue allows local users to gain privileges as other users by replacing programs with malicious code due to world-writable permissions on critical directories and files created during the installation of the software. Recommendations: For version 5.0.540, consider changing the permissions of the critical directories and files to prevent world-writable access until a patch is available. For other possibly affected versions, at the moment, there is no information about a newer version that contains a fix for this issue.