Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Paramount Macrium Reflect through 2025-06-26 allows local attackers to execute arbitrary code with administrator privileges via a crafted .mrimgx backup file and a malicious VSSSvr.dll located in the same directory. When a user with administrative privileges mounts a backup by opening the .mrimgx file, Reflect loads the attacker's VSSSvr.dll after the mount completes. This occurs because of untrusted DLL search path behavior in ReflectMonitor.exe.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
Paramount Macrium Reflect 安全漏洞
Vulnerability Description
Paramount Macrium Reflect是英国Paramount公司的一款基于镜像的备份和恢复软件。 Paramount Macrium Reflect 2025-06-26及之前版本存在安全漏洞,该漏洞源于DLL搜索路径不安全,可能导致通过特制备份文件以管理员权限执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A