Lukesec

**Name of the Vulnerable Software and Affected Versions** GPMAW 14 (affected versions not specified) **Description** GPMAW 14, a bioinformatics software, exhibits a critical issue stemming from insecure file permissions within its installation directory. The directory allows all users full read, write, and execute permissions, enabling manipulation of files, including executables such as `GPMAW3.exe`, `Fragment.exe`, and the uninstaller `GPsetup64 17028.exe`. An attacker with user-level access can replace or modify the uninstaller with a malicious version. Because the uninstaller is executed with administrative privileges, this could lead to privilege escalation and arbitrary code execution in the context of an administrator. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.