Micro Star International · Msi Center Pro · CVE-2024-50804
Name of the Vulnerable Software and Affected Versions:
Micro-star International MSI Center Pro version 2.1.37.0
Description:
The issue allows a local attacker to execute arbitrary code via the `Device DeviceID.dat.bak` file within the `C:ProgramDataMSIOne Dragon CenterData` folder. This is due to an Insecure Permissions vulnerability.
Recommendations:
For Micro-star International MSI Center Pro version 2.1.37.0, consider restricting access to the `C:ProgramDataMSIOne Dragon CenterData` folder to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.