CVE-2022-48221

Name of the Vulnerable Software and Affected Versions Acuant AcuFill SDK versions prior to 10.22.02.03

Description The issue allows a standard user to elevate privileges to full SYSTEM code execution. This is achieved through a race condition and OpLock manipulation, enabling a standard user to overwrite files that are then executed by the elevated installer. The files in question are Multiple MSI's that get executed out of a standard-user writable directory.

Recommendations For versions prior to 10.22.02.03, update to version 10.22.02.03 or later to resolve the issue. As a temporary workaround, consider restricting access to the standard-user writable directory where the MSI's are executed to minimize the risk of exploitation.