Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability

Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. By creating a symbolic link, an attacker can abuse the service to execute a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. . Was ZDI-CAN-18150.

N/A

检查时间与使用时间(TOCTOU)的竞争条件

Corel Parallels Desktop 安全漏洞

Corel Parallels Desktop是加拿大科亿尔数码科技（Corel）公司的一套适用于macOS平台的虚拟机软件。 Corel Parallels Desktop存在安全漏洞，该漏洞源于更新程序服务中存在特定缺陷，通过创建符号链接，可以滥用该服务来移动任意文件，攻击者利用该漏洞可以提升权限并执行任意代码。

N/A

N/A