A local attacker can create a hard-link between a file to which the Check Point Endpoint Security client for Windows before E80.96 writes and another BAT file, then by impersonating the WPAD server, the attacker can write BAT commands into that file that will later be run by the user or the system.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2019-04-29T15:10:15

Updated: 2024-08-04T21:17:31.447Z

Reserved: 2019-02-18T00:00:00

Link: CVE-2019-8454

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-04-29T16:29:01.157

Modified: 2024-11-21T04:49:56.083

Link: CVE-2019-8454

cve-icon Redhat

No data.