PT-2018-11518 · Microsoft+2 · Internet Explorer+3

Chad Baxter

Publicado

2018-08-03

Atualizado

2019-10-03

CVE-2018-12989

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pearson VUE Certiport Console versions prior to 2018-06-26 IQSystem versions prior to 2018-06-26

Description The issue concerns the report-viewing feature mishandling child processes, leading to the launch of Internet Explorer or Microsoft Edge as Administrator. This allows local users to gain privileges.

Recommendations For Pearson VUE Certiport Console versions prior to 2018-06-26, update to a version released after 2018-06-26 to resolve the issue. For IQSystem versions prior to 2018-06-26, update to a version released after 2018-06-26 to resolve the issue.

Correção

Improper Preservation of Permissions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-281

Identificadores relacionados

CVE-2018-12989

Produtos afetados

Iqsystem

Internet Explorer

Edge

Pearson Vue Certiport Console

PT-2018-11518 · Microsoft+2 · Internet Explorer+3

CVE-2018-12989

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4