← Back to CVEs

CVE-2020-11613

HIGH

7.8

Description

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.

CVE Details

CVSS v3.1 Score7.8

SeverityHIGH

CVSS VectorCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack VectorLOCAL

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published6/11/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

mids\'_reborn_hero_designer_project:mids\'_reborn_hero_designer

Weaknesses (CWE)

CWE-427CWE-732

References

https://github.com/Crytilis/mids-reborn-hero-designer/releases(cve@mitre.org)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(cve@mitre.org)

https://github.com/Crytilis/mids-reborn-hero-designer/releases(af854a3a-2127-422b-91ae-364da2661108)

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.