3 matches found
CVE-2020-15264
The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looki...
Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs
Overview Chocolatey Boxstarter fails to properly set ACLs, which can allow an unprivileged Windows user to be able to run arbitrary code with SYSTEM privileges. Description CVE-2020-15264 The Chocolatey Boxstarter installer fails to set a secure access-control list ACL on the...
CVE-2020-15264
The CVE-2020-15264 issue affects the Boxstarter installer prior to version 2.13.0, which places C:\ProgramData\Boxstarter on the system PATH. The directory is writable by non-privileged users, enabling DLL loading by a privileged service through a DLL such as WptsExtensions.dll. When Windows star...