CVE-2017-7180 - CERT CVE
ID CVE-2017-7180
Sažetak Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
Reference
CVSS
Base: 6.9
Impact: 10.0
Exploitability:3.4
Pristup
VektorSloženostAutentikacija
LOCAL MEDIUM NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:L/AC:M/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje 25-05-2021 - 21:14
Objavljeno 08-06-2017 - 12:29