Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and DLLs to the %TEMP% folder, which is writable by standard users. The installer then executes the downloaded executable with HIGH integrity to complete the application installation. However, an attacker can replace the downloaded executable with a malicious, user-controlled executable. When the installer executes this replaced file, it runs the attacker's code with HIGH integrity. Since code running at HIGH integrity can escalate to SYSTEM level by registering and executing a service, this creates a complete privilege escalation chain from standard user to SYSTEM. NOTE: The Supplier disputes this record, stating that they have determined this to be the behavior as designed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Microsoft DirectX End-User Runtime Web Installer Security Vulnerability
Vulnerability Description
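Microsoft DirectX End-User Runtime Web Installer is a component installation tool from Microsoft, a US company. Version 9.29.1974.0 of Microsoft DirectX End-User Runtime Web Installer contains a security vulnerability that stems from a low-privilege user being able to replace an executable file during installation, which may lead to privilege escalation.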
CVSS Information
N/A
Vulnerability Type
N/A