PT-2019-3192 · Microsoft · Compatibility Appraiser+1

Publicado

2019-09-10

Atualizado

2021-07-21

CVE-2019-1267

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Microsoft Compatibility Appraiser (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability in Microsoft Compatibility Appraiser. It involves errors in handling symbolic links, which can be exploited by an attacker to elevate their privileges using a specially crafted application. The vulnerability can be exploited locally.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

LPE

Link Following

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-59CWE-269

Identificadores relacionados

BDU:2019-03181

CVE-2019-1267

Produtos afetados

Compatibility Appraiser

Windows

PT-2019-3192 · Microsoft · Compatibility Appraiser+1

CVE-2019-1267

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6