N/A

Panini Everest Engine 2.0.4 allows unprivileged users to create a file named Everest.exe in the %PROGRAMDATA%\Panini folder. This leads to privilege escalation because a service, running as SYSTEM, uses the unquoted path of %PROGRAMDATA%\Panini\Everest Engine\EverestEngine.exe and therefore a Trojan horse %PROGRAMDATA%\Panini\Everest.exe may be executed instead of the intended vendor-supplied EverestEngine.exe file.

N/A

N/A

Panini Everest Engine 代码问题漏洞

Panini Everest Engine是Panini公司的一个 Windows 服务驱动程序。 Panini Everest Engine 2.0.4版本存在安全漏洞，该漏洞源于允许非特权用户在 %PROGRAMDATA%Panini 文件夹中创建名为 Everest.exe 的文件，攻击者利用该漏洞可以提升权限。

N/A

N/A