PT-2021-23063 · Listary · Listary

Published: 2021-12-14 · Updated: 2021-12-20 · CVE-2021-41066

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Listary versions through 6

Description

An issue was discovered in Listary when it is configured as admin. Listary will not ask for permissions again if a user tries to access files on the system from Listary itself, bypassing UAC protection due to the lack of privilege validation of the current user that runs via Listary.

Recommendations

For Listary versions through 6, consider disabling the admin configuration in Listary until a patch is available to prevent bypassing UAC protection. Restrict access to system files from Listary to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2021-41066

Affected Products

Listary