An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe).
The misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.
References
Link | Resource |
---|---|
https://kcm.trellix.com/corporate/index?page=content&id=SB10404 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: trellix
Published: 2023-07-03T07:35:24.255Z
Updated: 2023-07-03T07:35:24.255Z
Reserved: 2023-06-28T07:03:39.592Z
Link: CVE-2023-3438
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-07-03T08:15:09.670
Modified: 2023-07-14T14:43:08.843
Link: CVE-2023-3438
JSON object: View
Redhat Information
No data.
CWE