Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.
References
Configurations
No configuration.
History
27 Aug 2024, 14:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-277 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
Summary |
|
03 Apr 2024, 17:24
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-04-03 17:15
Updated : 2024-08-27 14:35
NVD link : CVE-2024-27674
Mitre link : CVE-2024-27674
CVE.ORG link : CVE-2024-27674
JSON object : View
Products Affected
No product.
CWE
CWE-277
Insecure Inherited Permissions