CVE-2020-7346 Privilege escalation in McAfee DLP Endpoint for Windows

Privilege Escalation vulnerability in McAfee Data Loss Prevention DLP for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing. This requires the creation and removal of junctions by the attack...

PT-2021-2460 · Mcafee · Mcafee Data Loss Prevention

Name of the Vulnerable Software and Affected Versions: McAfee Data Loss Prevention DLP for Windows versions prior to 11.6.100 Description: The issue is related to a privilege escalation vulnerability that allows a local, low-privileged attacker to load DLLs of their choice by using junctions and...

CVE-2020-14418

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions...

Path traversal

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions...

CVE-2020-14418

CVE-2020-14418 refers to a TOCTOU vulnerability in the library/middleware product madCodeHook before 2020-07-16, enabling local attackers to escalate to SYSTEM via path redirection (directory junctions). The issue is a local privilege escalation with an impact on confidentiality, integrity, and a...

CVE-2020-14418

A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that allows local attackers to elevate their privileges to SYSTEM. This occurs because path redirection can occur via vectors involving directory junctions...

CVE-2020-0989

An information disclosure vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have ...

Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have ...

CVE-2020-1565

An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate...

Privilege escalation

An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate...

Windows Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the "Public Account Pictures" folder improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate...

PT-2020-3706 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: An elevation of privilege issue exists due to improper handling of junctions in the "Public Account Pictures" folder. To exploit this, an attacker must first gain execution on the victim...

Acronis: Arbitrary file creation via symlink attack on syncagentsrv (Acronis Sync Agent Service)

Issue class description Arbitrary file creation is a vulnerability that allows attacker to create file in arbitrary location within filesystem. This includes protected directories, such as C:\Windows, C:\windows\system32 and "C:\Program Files". If in addition, attacker has control over the file...

CVE-2020-1405

An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1372...

CVE-2020-1330

An information disclosure vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'...

Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability

An information disclosure vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to read files. To exploit this vulnerability, an attacker would first have ...

CVE-2020-1204

An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'...

Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Windows Mobile Device Management MDM Diagnostics improperly handles junctions. An attacker who successfully exploited this vulnerability could bypass access restrictions to delete files. To exploit this vulnerability, an attacker would first hav...

CVE-2020-8099

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17...

Design/Logic Flaw

A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17...