PT-2016-4568 · Wampserver Team · Wampserver

Published: 2016-12-27 · Updated: 2024-08-06 · CVE-2016-10072

CVSS v3.1: 7.5 (High)

Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WampServer version 3.0.6

Description: The issue concerns two files, wampmanager.exe and unins000.exe, whose access control lists (ACLs) grant the Modify right too broadly. This could allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To exploit it, the local attacker must replace either original file with an executable of the same name; when a more privileged user later launches one of these programs, code chosen by the local attacker runs with that user's privileges.

Recommendations: For WampServer version 3.0.6, restrict access to the files wampmanager.exe and unins000.exe so that they cannot be modified by unprivileged users until a proper fix is available. Additionally, ensure that only trusted users are able to replace or modify these files, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
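The check a defender would want for the recommendation above is an ACL audit of the two binaries: does any principal outside the expected administrative set hold a right that lets it overwrite, delete or re-permission the file? The following PowerShell script is an added example, not code from the advisory or from the WampServer project. It assumes the WampServer install directory is supplied in `$WampRoot` (the advisory does not state the path, so the default is a placeholder); the file names wampmanager.exe and unins000.exe are the ones the advisory names. With `-Fix` it removes the offending Allow entries, converting inherited entries to explicit ones first, because inherited ACEs cannot be removed in place.

```powershell
# Added example (not from the advisory or WampServer): audit, and optionally repair,
# the ACLs of the two binaries named in PT-2016-4568 / CVE-2016-10072.
param(
    [string]$WampRoot = 'C:\PATH\TO\WAMPSERVER',   # ASSUMPTION: replace with the real install directory
    [switch]$Fix                                   # remove offending ACEs when set (requires admin)
)

# Principals that are expected to hold write access to program binaries.
$TrustedPrincipals = @(
    'NT AUTHORITY\SYSTEM',
    'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller'
)

# Only the write-class bits: Write (WriteData/AppendData/WriteAttributes/WriteEA),
# Delete, ChangePermissions and TakeOwnership. Modify and FullControl are not used as
# the mask because they also contain read/execute/synchronize bits and would flag
# harmless read-only entries.
$WriteMask = [int]([System.Security.AccessControl.FileSystemRights]::Write -bor
                   [System.Security.AccessControl.FileSystemRights]::Delete -bor
                   [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
                   [System.Security.AccessControl.FileSystemRights]::TakeOwnership)

function Test-WeakBinaryAcl {
    # Returns one object per Allow ACE that grants a non-trusted principal any write-class right.
    param([string]$Path)
    $acl = Get-Acl -LiteralPath $Path
    $findings = @()
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            $findings += [pscustomobject]@{
                Path      = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
    return $findings
}

function Repair-BinaryAcl {
    # Removes the offending Allow ACEs found by Test-WeakBinaryAcl.
    param([string]$Path, [object[]]$Findings)
    if ($Findings | Where-Object Inherited) {
        # Inherited entries cannot be removed directly: break inheritance and keep
        # copies of the inherited entries as explicit ones, then persist that first.
        $acl = Get-Acl -LiteralPath $Path
        $acl.SetAccessRuleProtection($true, $true)
        Set-Acl -LiteralPath $Path -AclObject $acl
    }
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in @($acl.Access)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedPrincipals -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteMask) -ne 0) {
            [void]$acl.RemoveAccessRule($ace)
        }
    }
    Set-Acl -LiteralPath $Path -AclObject $acl
}

$targets = @('wampmanager.exe', 'unins000.exe') | ForEach-Object { Join-Path $WampRoot $_ }
$allFindings = @()
foreach ($target in $targets) {
    if (-not (Test-Path -LiteralPath $target)) { Write-Warning "not found: $target"; continue }
    $findings = @(Test-WeakBinaryAcl -Path $target)
    if ($findings.Count -eq 0) {
        Write-Host "OK    $target"
        continue
    }
    $findings | Format-Table -AutoSize
    $allFindings += $findings
    if ($Fix) {
        Repair-BinaryAcl -Path $target -Findings $findings
        Write-Host "FIXED $target"
    }
}
# Non-zero exit code when any weak entry was found, so the script can gate a build or baseline check.
exit ([int]($allFindings.Count -gt 0))
```

Run it as `.\Check-WampAcl.ps1 -WampRoot <install dir>` to audit, and add `-Fix` from an elevated prompt to remediate. Two caveats: a file can also be swapped by a user who holds Delete or DeleteSubdirectoriesAndFiles on the parent directory, so the same audit is worth running against the install directory itself; and after removing the entries, confirm that the account WampServer runs under (and any updater) still has the rights it needs.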

Exploit: Code Injection

Weakness Enumeration

Related Identifiers: CVE-2016-10072

Affected Products: Wampserver