PT-2020-14324 · Boxstarter · Boxstarter
Will Dormann · Published 2020-10-20 · Updated 2020-10-30 · CVE-2020-15264
| CVSS v3.1 | 8.0 High |
| Vector | AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Boxstarter versions prior to 2.13.0
Description
The Boxstarter installer adds a directory to the system-wide PATH environment variable, and that directory is writable by normal, unprivileged users. This allows an attacker to place a malicious DLL that a privileged service is looking for, such as WptsExtensions.dll, in the directory. When Windows starts, it executes the code in DllMain() with SYSTEM privileges, enabling any unprivileged user to execute code with SYSTEM privileges.
Recommendations
For versions prior to 2.13.0, update to version 2.13.0 or later to resolve the issue. As a temporary workaround, consider restricting write access to the C:\ProgramData\Boxstarter directory to prevent exploitation.
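To confirm whether a host has the condition described above, the following added example (not Boxstarter's own code) lists every directory in the machine-wide PATH where an unprivileged principal may create files. The function name `Get-WritablePathDirectory` and the list of SIDs treated as unprivileged are assumptions of this example.

```powershell
# Added example (not Boxstarter code). Get-WritablePathDirectory is a hypothetical name.
# The SIDs treated as "unprivileged" here are an assumption of this example.
$lowPrivSids = @(
    'S-1-1-0',        # Everyone
    'S-1-5-11',       # Authenticated Users
    'S-1-5-4',        # INTERACTIVE
    'S-1-5-32-545'    # BUILTIN\Users
)

# CreateFiles (same bit as WriteData) lets a principal drop a new file into a directory.
# GENERIC_WRITE and GENERIC_ALL can appear unmapped in ACEs, so test them as well.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]::CreateFiles -bor
             0x40000000 -bor 0x10000000

function Get-WritablePathDirectory {
    $machinePath = [Environment]::GetEnvironmentVariable('Path', 'Machine')
    foreach ($entry in ($machinePath -split ';')) {
        $dir = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        if (-not $dir -or -not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        try {
            $acl = Get-Acl -LiteralPath $dir -ErrorAction Stop
        } catch {
            Write-Warning "Cannot read ACL for ${dir}: $_"
            continue
        }
        # Resolve identities to SIDs so the check does not depend on localized names.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            if ($rule.AccessControlType -ne 'Allow') { continue }
            if ($rule.IdentityReference.Value -notin $lowPrivSids) { continue }
            # Inherit-only ACEs apply to children, not to the directory itself.
            if ($rule.PropagationFlags -band
                [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if (([int]$rule.FileSystemRights -band $writeMask) -ne 0) {
                [pscustomobject]@{
                    Directory = $dir
                    Sid       = $rule.IdentityReference.Value
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-WritablePathDirectory | Sort-Object Directory, Sid | Format-Table -AutoSize
```

The check reads Allow entries only: it does not evaluate Deny entries or groups outside the SID list, so treat each row as a directory to review rather than a confirmed finding.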
Fix
Exposure of Resource to Wrong Sphere
Related Identifiers
Affected Products
Boxstarter