PT-2020-13354 · MSI · Dragon Center

Published 2020-05-18 · Updated 2020-05-20 · CVE-2020-13149

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Dragon Center versions prior to 2.6.2003.2401

Description: The issue is related to weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center, which allow local authenticated users to overwrite system files and gain escalated privileges. Attack methods include changing the Recommended App binary within App.json or using this part of %PROGRAMDATA% for mounting an RPC Control directory.

Recommendations: For versions prior to 2.6.2003.2401, update to version 2.6.2003.2401 or later to resolve the issue. As a temporary workaround, consider restricting access to the "%PROGRAMDATA%\MSI\Dragon Center" folder to prevent local authenticated users from overwriting system files. Avoid using the App.json file for storing sensitive information until the issue is resolved.
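
To check whether a host has the weak folder permissions described above, the following PowerShell audit lists every Allow ACE on "%PROGRAMDATA%\MSI\Dragon Center" that grants write-type rights to a principal outside a trusted set. It is an added example, not code from the advisory or from MSI; the trusted SID list and the choice of rights treated as "write" are assumptions to adjust for your environment.

```powershell
# Added example: audit the folder named in the advisory for write-capable
# ACEs held by principals other than SYSTEM / Administrators / TrustedInstaller.
$Path = Join-Path $env:ProgramData 'MSI\Dragon Center'

# Assumption: only these well-known SIDs are expected to hold write access.
$TrustedSids = @(
    'S-1-5-18',       # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that let a principal create, replace, delete or re-permission content.
$WriteRights = [System.Security.AccessControl.FileSystemRights]`
    'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs may carry raw GENERIC_WRITE (0x40000000) / GENERIC_ALL (0x10000000) bits.
$WriteBits = ([int]$WriteRights) -bor 0x50000000

if (-not (Test-Path -LiteralPath $Path)) {
    Write-Output "Folder not present: $Path"
}
else {
    $acl   = Get-Acl -LiteralPath $Path
    # Ask for SIDs so the comparison does not depend on localized account names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    $findings = foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedSids -contains $ace.IdentityReference.Value) { continue }
        if (([int]$ace.FileSystemRights -band $WriteBits) -eq 0) { continue }

        # Resolve the SID to a name for the report; fall back to the raw SID.
        $name = try { $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $ace.IdentityReference.Value }

        [pscustomobject]@{
            Principal   = $name
            Rights      = $ace.FileSystemRights
            Inherited   = $ace.IsInherited
            Inheritance = $ace.InheritanceFlags
        }
    }

    if ($findings) { $findings | Format-Table -AutoSize }
    else           { Write-Output "No untrusted write-capable ACEs on $Path" }
}
```

Entries marked as inherited come from the parent folder's ACL, so restricting access as the workaround suggests means changing how this folder inherits, not only removing the listed entries.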

Exploit

Fix

Incorrect Default Permissions


Weakness Enumeration

Related Identifiers

CVE-2020-13149

Affected Products

Dragon Center