PT-2021-9620 · Unknown · Dream Report 5

Published

2021-04-09

Updated

2022-07-30

CVE-2020-13534

CVSS v3.1

9.3

Critical

Vector

AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Dream Report 5 version 5 R20-2

Description A privilege escalation issue exists due to weak privileges in COM Class Identifiers (CLSID) installed by the software. These CLSID reference LocalServer32 and InprocServer32, which can lead to privilege escalation when used. An attacker can trigger this issue by providing a malicious file.

Recommendations For Dream Report 5 version 5 R20-2, consider restricting access to the CLSID that reference LocalServer32 and InprocServer32 to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2020-13534

Affected Products

Dream Report 5

PT-2021-9620 · Unknown · Dream Report 5

CVE-2020-13534

Weakness Enumeration

Related Identifiers

Affected Products

References · 3