WriteRegistry function in TSSServiSign component does not filter and verify users’ input, remote attackers can rewrite to the registry without permissions thus perform hijack attacks to execute arbitrary code.
References
Link | Resource |
---|---|
https://www.twcert.org.tw/tw/cp-132-5093-76f04-1.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: twcert
Published: 2021-09-15T00:00:00
Updated: 2021-09-15T19:10:22
Reserved: 2021-08-02T00:00:00
Link: CVE-2021-37909
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-09-15T19:15:09.873
Modified: 2021-09-28T14:33:21.167
Link: CVE-2021-37909
JSON object: View
Redhat Information
No data.
CWE