CVE-2018-5349

Name of the Vulnerable Software and Affected Versions Heimdal PRO version 2.2.190 Heimdal FREE (affected versions not specified) Heimdal CORP (affected versions not specified)

Description A vulnerability has been found that allows for privilege escalation due to faulty permissions on the directory "C:ProgramDataHeimdal SecurityHeimdal Agent". This directory allows BUILTINUsers to write new files, and on startup, the process Heimdal.MonitorServices.exe running as SYSTEM attempts to load version.dll from this directory. An attacker can exploit this by placing a malicious version.dll in the directory.

Recommendations For Heimdal PRO version 2.2.190: Update the permissions on the "C:ProgramDataHeimdal SecurityHeimdal Agent" directory to prevent BUILTINUsers from writing new files. For Heimdal FREE and Heimdal CORP: At the moment, there is no information about a newer version that contains a fix for this vulnerability.