漏洞标题
万兴Dr.Fone权限提升漏洞
漏洞描述信息
在Wondershare Dr.Fone 13.5.21版本中发现了一个权限提升漏洞。此漏洞可能会允许攻击者通过替换二进制文件“C:\ProgramData\Wondershare\wsServices\ElevationService.exe”为恶意二进制文件来提升权限。该二进制文件将被自动以SYSTEM权限执行。
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
对搜索路径元素未加控制
漏洞标题
Wondershare Dr.Fone Privilege Scalation Vulnerability
漏洞描述信息
Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
漏洞类别
特权管理不恰当