Name of the Vulnerable Software and Affected Versions: Burn versions (affected versions not specified)

Description: The issue concerns an Elevation of Privilege Vulnerability where a low-privileged user can hijack binaries in an unprotected path, specifically the C:WindowsTemp directory, to elevate to the SYSTEM user privileges. This directory is not entirely protected against low-privilege users, allowing them to create files and write to this directory. Although they do not have explicit read permissions, they can monitor changes to this directory using the ReadDirectoryChangesW API, enabling them to figure out randomized folder names created inside this directory. The vulnerability can be exploited by a standard user running a Proof of Concept (PoC) against the Visual Studio Enterprise with Update 3 installer, resulting in the hijacking of binaries dropped by the installer and the execution of a child process, such as notepad.exe, with elevated privileges.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.