PT-2020-12726 · Mids · Mids' Reborn Hero Designer

Published: 2020-06-11 · Updated: 2021-07-21 · CVE-2020-11613

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Mids' Reborn Hero Designer version 2.6.0.7

Description
The installation folder is created with insecure default permissions that grant the Authenticated Users group Modify rights. Any user on the system can therefore replace binaries or plant malicious DLLs in that folder, potentially obtaining elevated or different privileges depending on the context of the user running the application.

Recommendations
For version 2.6.0.7, consider restricting the permissions of the installation folder to prevent unauthorized access and modification, specifically by removing the Modify permission for the Authenticated Users group. As a temporary workaround, restrict access to the installation directory to minimize the risk of exploitation.
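
One way to check for and apply the recommended restriction, as an added example that is not part of the original advisory or the vendor's code. The install path is a placeholder and the function name `Get-AuthUsersWritableAce` is hypothetical; the fix step also assumes that Authenticated Users should keep read and execute access.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell prompt.
param(
    # Placeholder path (assumption): point this at the real install folder.
    [string]$InstallDir = 'C:\PLACEHOLDER\HeroDesignerInstallDir',
    [switch]$Fix
)

$AuthUsersSid = 'S-1-5-11'   # well-known SID of Authenticated Users

# Write-class rights that allow replacing a binary or dropping a DLL,
# plus the raw GENERIC_WRITE / GENERIC_ALL bits some inherited ACEs carry.
$writeRights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask   = [int]$writeRights -bor 0x40000000 -bor 0x10000000

function Get-AuthUsersWritableAce {
    param([Parameter(Mandatory)][string]$Path)
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $rules = (Get-Acl -LiteralPath $item.FullName).GetAccessRules(
            $true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($ace in $rules) {
            if ($ace.IdentityReference.Value -eq $AuthUsersSid -and
                $ace.AccessControlType -eq 'Allow' -and
                ([int]$ace.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $ace.FileSystemRights
                    Inherited = $ace.IsInherited
                }
            }
        }
    }
}

$findings = @(Get-AuthUsersWritableAce -Path $InstallDir)
$findings | Format-Table -AutoSize

if ($Fix -and $findings.Count -gt 0) {
    # Convert inherited ACEs to explicit ones so the grant can be removed here.
    icacls $InstallDir /inheritance:d | Out-Null
    # Drop every allow ACE for Authenticated Users on the folder and its contents.
    icacls $InstallDir /remove:g "*$AuthUsersSid" /T /C | Out-Null
    # Re-grant read and execute only, inherited by files and subfolders.
    icacls $InstallDir /grant "*${AuthUsersSid}:(OI)(CI)RX" | Out-Null
    # Re-audit: an empty result means no write-class grant remains.
    Get-AuthUsersWritableAce -Path $InstallDir | Format-Table -AutoSize
}
```

Without `-Fix` the script only reports. An ACE listed with `Inherited` set to true points to a parent folder as the source of the grant.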

Exploit

Fix

Incorrect Permission

Uncontrolled Search Path Element

Weakness Enumeration

Related Identifiers

CVE-2020-11613

Affected Products

Mids' Reborn Hero Designer