WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability.
The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.zerodayinitiative.com/advisories/ZDI-24-491/ |
![]() ![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: zdi
Published: 2024-05-22T19:13:53.373Z
Updated: 2024-08-01T20:40:47.114Z
Reserved: 2024-05-02T23:39:34.766Z
Link: CVE-2024-4454

Updated: 2024-08-01T20:40:47.114Z

Status : Awaiting Analysis
Published: 2024-05-22T20:15:10.130
Modified: 2024-11-21T09:42:51.820
Link: CVE-2024-4454

No data.