PT-2014-8558 · Estsoft · Alupdate

Published

2014-11-03

Updated

2017-09-08

CVE-2014-8494

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions ESTsoft ALUpdate version 8.5.1.0.0

Description The issue concerns weak permissions set for the AlUpdate folder and AlUpdate.exe, allowing local users to gain privileges through a Trojan horse file. This could potentially lead to unauthorized access and control.

Recommendations For ESTsoft ALUpdate version 8.5.1.0.0, consider restricting access to the AlUpdate folder and AlUpdate.exe to prevent local users from exploiting the weak permissions and gaining unauthorized privileges.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2014-8494

Affected Products

Alupdate

PT-2014-8558 · Estsoft · Alupdate

CVE-2014-8494

Weakness Enumeration

Related Identifiers

Affected Products

References · 4