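Vulnerability Title
Windows OneDrive Elevation of Privilege Vulnerability
Vulnerability Description
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with elevated privileges.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application to exploit the vulnerability and delete a targeted file with elevated privileges.</p>
<p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevated privileges.</p>
CVSS Information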
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Category
N/A
Vulnerability Title
OneDrive for Windows Elevation of Privilege Vulnerability
Vulnerability Description
<p>An elevation of privilege vulnerability exists when the OneDrive for Windows Desktop application improperly handles symbolic links. An attacker who successfully exploited this vulnerability could overwrite a targeted file with an elevated status.</p>
<p>To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete a targeted file with an elevated status.</p>
<p>The update addresses this vulnerability by correcting where the OneDrive updater performs file writes while running with elevation.</p>
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Vulnerability Category
N/A
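Vulnerability Title
Windows Desktop OneDrive Link Following Vulnerability
Vulnerability Description
Windows OneDrive is a cloud storage service from the US company Microsoft. A security vulnerability exists in Windows Desktop OneDrive that allows an attacker to run a specially crafted application and delete a targeted file. The following products and versions are affected: OneDrive versions.
CVSS Information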
N/A
Vulnerability Category
Link following