CVE-2020-10143

Name of the Vulnerable Software and Affected Versions Macrium Reflect (affected versions not specified)

Description The issue concerns a privileged service in Macrium Reflect that utilizes an OpenSSL component. This component specifies an OPENSSLDIR variable as C:openssl. Since unprivileged Windows users can create subdirectories off the system root, an attacker can create a specially-crafted openssl.cnf file to achieve arbitrary code execution with SYSTEM privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.