N/A

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges).

N/A

N/A

Acuant AcuFill SDK 代码问题漏洞

Acuant AcuFill SDK是美国Acuant公司的一种数据捕获技术。可以从文档中提取所有主要数据字段。 Acuant AcuFill SDK 存在安全漏洞，该漏洞源于在 SDK 安装期间，Acuant 安装程序调用 certutil.exe 来安装证书。此窗口未隐藏，并以提升的权限运行。标准用户可以跳出此窗口，获得完整的 SYSTEM 命令提示符窗口。

N/A

N/A