PT-2017-17561 · Net Monitor · Net Monitor For Employees Pro
Saeid Atabaki
Published: 2017-06-08
Updated: 2021-05-25
CVE-2017-7180
CVSS v3.1: 7.3 (High)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Net Monitor for Employees Pro versions 5.3.4 and earlier
Description
The issue allows a Security Feature Bypass of the "Block applications" design goal. A local attacker with privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, can exploit this. The goal of the attacker might be to execute program.exe even though it is a blocked application.
Recommendations
For Net Monitor for Employees Pro versions 5.3.4 and earlier, consider restricting write access to the program.exe file in protected directories to minimize the risk of exploitation. As a temporary workaround, consider implementing additional access controls to prevent the execution of blocked applications until a fix is available.
Affected Products
Net Monitor For Employees Pro