ZDI-23-1114
Filip Dragovic (@filip_dragovic)
Aug 15, 2023 - 12:00 a.m.

ESET Smart Security Link Following Local Privilege Escalation Vulnerability

www.zerodayinitiative.com
eset smart security
privilege escalation
local attacker
ekrn service
symbolic link
arbitrary code
system context

EPSS: 0.0005 (Low), Percentile: 16.2%

This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ekrn service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
