Lockheed Martin

**Name of the Vulnerable Software and Affected Versions** 1E Client versions 8.1 through 9.0 **Description** The 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. **Recommendations** For version 8.1, use hotfix Q23097. For version 8.4, use hotfix Q23105. For version 9.0, use hotfix Q23115. For SaaS customers, use 1EClient version 23.7 plus hotfix Q23121. As a temporary workaround, consider disabling the use of symbolic links or Windows junctions in the installer until a hotfix is applied.