← Voltar para CVEs

CVE-2020-26894

HIGH

7.8

Descricao

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application. If the application is using LiveCode's "shell()" function, it will attempt to search for "cmd.exe" in the folder of the current application and run the malicious "cmd.exe".

Detalhes CVE

Pontuacao CVSS v3.17.8

SeveridadeHIGH

Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueLOCAL

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado10/8/2020

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

faulknermedia:wildlife_issues_in_the_new_millenniummicrosoft:windows

Fraquezas (CWE)

CWE-427

Referencias

https://github.com/livecode/livecode/pull/7454(cve@mitre.org)

https://john-woodman.com/posts/LiveCode-Privilege-Escalation-Vulnerability/(cve@mitre.org)

https://quality.livecode.com/show_bug.cgi?id=22942(cve@mitre.org)

https://github.com/livecode/livecode/pull/7454(af854a3a-2127-422b-91ae-364da2661108)

https://john-woodman.com/posts/LiveCode-Privilege-Escalation-Vulnerability/(af854a3a-2127-422b-91ae-364da2661108)

https://quality.livecode.com/show_bug.cgi?id=22942(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.