Mario Keck

**Name of the Vulnerable Software and Affected Versions** PDF24 Creator version 11.14.0 **Description** An issue was discovered in the configuration of the msi installer file of PDF24 Creator, which produces a visible cmd.exe window when using the repair function of msiexec.exe. This allows an unprivileged local attacker to use a chain of actions, such as an oplock on faxPrnInst.log, to open a SYSTEM cmd.exe. The issue can be exploited for Windows privilege escalation via an oplock on a privileged read. **Recommendations** For PDF24 Creator version 11.14.0, as a temporary workaround, consider restricting access to the repair function of msiexec.exe to minimize the risk of exploitation. Additionally, avoid using the oplock on faxPrnInst.log until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.