Vulnerability CVE-2021-46443


Published: 2022-04-01

Description:
Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An attacker as a low privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
Spoofer 1.4.6 Privilege Escalation / Unquoted Service Path
Asim Sattar
31.03.2022

Type:

CWE-264

(Permissions, Privileges, and Access Controls)

 References:
http://spoofer.com
https://packetstormsecurity.com/files/166553/Spoofer-1.4.6-Privilege-Escalation-Unquoted-Service-Path.html

Copyright 2024, cxsecurity.com

 

Back to Top