4 matches found
EUVD-2018-11281
Malware in sbrugna...
Design/Logic Flaw
The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions by default. This allows unprivileged users to take control of the service and execute commands in the context of NT AUTHORITY\SYSTEM, leading to total system takeover, a similar issue to CVE-2018-12441...
CVE-2018-12441
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARYPATHNAME, leading to complete control of the affected system. The issue exists due ...
CVE-2018-12441
The CorsairService in Corsair Utility Engine has insecure default permissions: the Everyone group is granted SERVICE_ALL_ACCESS, enabling unprivileged local users to modify CorsairService BINARY_PATH_NAME and execute arbitrary commands, resulting in complete control of the system. Connected docum...