Lucene search
Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro Zero Day InitiativeZDI-24-182HistoryFeb 15, 2024 - 12:00 a.m.
ESET Smart Security Premium ekrn Link Following Local Privilege Escalation Vulnerability
2024-02-1500:00:00
Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro Zero Day Initiative
www.zerodayinitiative.com
13
eset smart security premium
local attackers
privilege escalation
eset service
symbolic link
arbitrary code
system context
This vulnerability allows local attackers to escalate privileges on affected installations of ESET Smart Security Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ESET Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM.
Related
nvd
nvd
CVE-2024-0353
2024-02-15 08:15:46
cve
cve
CVE-2024-0353
2024-02-15 08:15:46
prion
prion
Privilege escalation
2024-02-15 08:15:00
cvelist
cvelist
CVE-2024-0353 Local privilege escalation in Windows products
2024-02-15 07:40:24