PT-2018-11518 · Microsoft+2 · Internet Explorer+3

Chad Baxter

Published

2018-08-03

Updated

2019-10-03

CVE-2018-12989

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Pearson VUE Certiport Console versions prior to 2018-06-26 IQSystem versions prior to 2018-06-26

Description The issue concerns the report-viewing feature mishandling child processes, leading to the launch of Internet Explorer or Microsoft Edge as Administrator. This allows local users to gain privileges.

Recommendations For Pearson VUE Certiport Console versions prior to 2018-06-26, update to a version released after 2018-06-26 to resolve the issue. For IQSystem versions prior to 2018-06-26, update to a version released after 2018-06-26 to resolve the issue.

Fix

Improper Preservation of Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-281

Related Identifiers

CVE-2018-12989

Affected Products

Iqsystem

Internet Explorer

Edge

Pearson Vue Certiport Console

PT-2018-11518 · Microsoft+2 · Internet Explorer+3

CVE-2018-12989

Weakness Enumeration

Related Identifiers

Affected Products

References · 4