A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM.
[
{
"cpes": [
"cpe:2.3:a:qumu:mulitcast_extension:*:*:*:*:*:*:*:*"
],
"vendor": "qumu",
"product": "mulitcast_extension",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.0.63",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]