A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: checkpoint
Published: 2019-04-29T15:10:15
Updated: 2024-08-04T21:17:31.447Z
Reserved: 2019-02-18T00:00:00
Link: CVE-2019-8454
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-04-29T16:29:01.157
Modified: 2024-11-21T04:49:56.083
Link: CVE-2019-8454
Redhat
No data.