Lucene search

K
zdiAbdelhamid NaceriZDI-21-1078
HistorySep 16, 2021 - 12:00 a.m.

Microsoft Windows Installer Service Directory Junction Denial-of-Service Vulnerability

2021-09-1600:00:00
Abdelhamid Naceri
www.zerodayinitiative.com
28

EPSS

0

Percentile

9.7%

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Windows Installer Service. By creating a directory junction, an attacker can abuse the service to create a directory. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.