Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users.
References
Link | Resource |
---|---|
https://drfone.wondershare.com | Product |
https://packetstormsecurity.com/files/159775/Wondershare-Dr.Fone-3.0.0-Unquoted-Service-Path.html | Exploit Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-31T16:14:45
Updated: 2020-10-31T16:14:45
Reserved: 2020-10-29T00:00:00
Link: CVE-2020-27992
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-02T21:15:30.040
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-27992
JSON object: View
Redhat Information
No data.
CWE