PT-2013-1286 · Линтер Бастион · Линтер Бастион

Published

2013-11-19

·

Updated

2013-11-19

CVSS v2.0

7.1

High

Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

Линтер Бастион (affected versions not specified)

Description

The issue arises when the "loltp.exe" module is not installed during the setup of the Линтер Бастион database management system. An attacker can place any executable file named "loltp.exe" in a directory that will be browsed by the executable loader. Then, using an RPC call with number 0x1A ("0x0040DB0F") or 0x08 ("0x0040AB4E"), the attacker can force linstmgr.exe to execute this file, launching the Линтер Бастион database management system core with the "/OLTP" parameter.

Recommendations

As a temporary workaround, consider restricting access to the directory where the "loltp.exe" file is located to prevent an attacker from placing a malicious executable file. Avoid using the RPC calls with numbers 0x1A ("0x0040DB0F") or 0x08 ("0x0040AB4E") until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
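
One way to check a host against the workaround above, as an added example that is not part of the original advisory or vendor tooling: the script reports every "loltp.exe" found in the directories it checks and every such directory in which a non-administrative principal may create files. The install path is a placeholder, and the list of searched directories (install directory, system directories, PATH) is an assumption, since the advisory does not say which directories the loader browses.

```powershell
# Added example, not vendor code. $InstallDir is a placeholder: set it to the
# directory that holds linstmgr.exe on the host being audited.
param([string]$InstallDir = 'C:\PLACEHOLDER\LinterInstallDir')

# SIDs treated as trusted writers: SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Assumed search locations: install directory, system directories, then PATH entries.
$dirs = @($InstallDir, "$env:SystemRoot\System32", $env:SystemRoot) + ($env:PATH -split ';') |
    Where-Object { $_ -and (Test-Path -LiteralPath $_ -PathType Container) } |
    ForEach-Object { $_.TrimEnd('\') } | Sort-Object -Unique

foreach ($dir in $dirs) {
    # 1. Any loltp.exe on the search path deserves review: record hash and signature state.
    $exe = Join-Path $dir 'loltp.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        [pscustomobject]@{
            Finding = 'loltp.exe present'
            Path    = $exe
            Detail  = '{0} / signature: {1}' -f (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash,
                      (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }
    }

    # 2. Flag allow-ACEs that let a non-trusted principal create files in the directory.
    #    Inherit-only ACEs are reported too, so review each hit before acting on it.
    $rules = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true,
              [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $rules) {
        $rights = [int]$ace.FileSystemRights
        # 0x2 = CreateFiles/WriteData; 0x40000000 = GENERIC_WRITE; 0x10000000 = GENERIC_ALL
        $canCreate = ($rights -band 0x2) -or ($rights -band 0x40000000) -or ($rights -band 0x10000000)
        if ($ace.AccessControlType -eq 'Allow' -and $canCreate -and
            $trusted -notcontains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Finding = 'directory writable by non-admin principal'
                Path    = $dir
                Detail  = $ace.IdentityReference.Value
            }
        }
    }
}
```

Run it under the account that runs linstmgr.exe so that `$env:PATH` matches what that process sees.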
Weakness Enumeration

Related identifiers

BDU:2015-10116

Affected products

Линтер Бастион