Dhn

**Nome do software vulnerável e versões afetadas** Comodo Internet Security Pro (versões afetadas não especificadas) **Descrição** Esta vulnerabilidade permite que invasores locais obtenham privilégios elevados nas instalações afetadas. Para explorar essa vulnerabilidade, o invasor deve primeiro obter a capacidade de executar código com privilégios reduzidos no sistema alvo. A falha específica existe no mecanismo de atualização, resultante da falta de validação adequada de um caminho fornecido pelo usuário antes de usá-lo em operações de arquivo. Um invasor pode aproveitar essa vulnerabilidade para escalar privilégios e executar código arbitrário no contexto do SYSTEM. **Recomendações** No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** VIPRE Antivirus Plus (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to create arbitrary files. An attacker can leverage this issue to escalate privileges and execute arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** G Data Total Security (affected versions not specified) **Description** This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system. The flaw exists within the G DATA Backup Service, where creating a symbolic link can be used to create arbitrary files, leading to privilege escalation and execution of arbitrary code in the context of SYSTEM. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** STRATO HiDrive Desktop Client versions 5.0.1.0 Telekom MagentaCLOUD versions through 5.7.0.0 1&1 Online Storage versions through 6.1.0.0 **Description** The issue concerns a SYSTEM privilege escalation through the HiDriveMaintenanceService service, which establishes a NetNamedPipe endpoint. This allows applications to connect and call publicly exposed methods, enabling an attacker to inject and execute code by hijacking the insecure communications with the service. **Recommendations** For STRATO HiDrive Desktop Client version 5.0.1.0, consider disabling the HiDriveMaintenanceService service until a patch is available. For Telekom MagentaCLOUD versions through 5.7.0.0, restrict access to the NetNamedPipe endpoint to minimize the risk of exploitation. For 1&1 Online Storage versions through 6.1.0.0, avoid using the publicly exposed methods in the HiDriveMaintenanceService service until the issue is resolved.