Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local Privilege Escalation via Insecure Update Mechanism in iMonitor EAM
Vulnerability Description
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to privilege escalation.
CVSS Information
N/A
Vulnerability Type
关键资源的不正确权限授予
Vulnerability Title
iMonitor EAM 安全漏洞
Vulnerability Description
iMonitor EAM是美国iMonitor公司的一款员工电脑网络活动监控软件。 iMonitor EAM 9.6394版本存在安全漏洞,该漏洞源于系统服务更新机制不安全,可能导致权限提升。
CVSS Information
N/A
Vulnerability Type
N/A