Fabian Duschek

Name of the Vulnerable Software and Affected Versions: G DATA Security Client versions are not explicitly specified in the provided descriptions. Description: The issue is related to incorrect assignment of privileges to directories in G DATA Security Client, allowing a local, unprivileged attacker to escalate privileges on affected installations. This is achieved by placing an arbitrary executable in a globally writable directory, which results in execution by the SetupSVC.exe service in the context of SYSTEM. No information is provided about the estimated number of potentially affected devices or real-world incidents. Recommendations: No specific versions of G DATA Security Client are mentioned, thus no explicit recommendations can be provided based on the given input data.

Name of the Vulnerable Software and Affected Versions: G DATA Management Server versions are not explicitly specified in the provided sources. Description: The issue is related to incorrect assignment of privileges of temporary files in the update mechanism, allowing a local, unprivileged attacker to escalate privileges by placing a crafted ZIP archive in a globally writable directory. This results in arbitrary file write in the context of SYSTEM. Recommendations: No specific versions of G DATA Management Server are mentioned, thus no explicit recommendations can be provided based on the given data.