PT-2021-23062 · Microsoft · Windows 10

Published 2021-12-14 · Updated 2021-12-20 · CVE-2021-41065

CVSS v3.1: 7.3 High

Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Listary versions through 6

Description

An issue was discovered that allows an attacker to create a named pipe and wait for a privileged user to open a session on the host where Listary is installed. Listary will automatically access the named pipe, enabling the attacker to duplicate the victim's token and impersonate them. This issue is valid in certain Windows versions, although Microsoft has patched it in later Windows 10 builds.

Recommendations

For Listary versions through 6, consider disabling the named pipe functionality as a temporary workaround until a patch is available. Restrict access to the \\.\pipe\Listary.listaryService named pipe to minimize the risk of exploitation.

Exploit

Fix

Exposure of Resource to Wrong Sphere


Weakness Enumeration

Related Identifiers

CVE-2021-41065

Affected Products

Windows 10