CVE-2019-10679

Published: Sep 3, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.

Affected (1)

Products: Thomsonreuters: Eikon

Thomsonreuters

1 product

Eikon

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thomsonreuters Eikon	Version 4.0.42144

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (10)

http://packetstormsecurity.com/files/158989/Eikon-Thomson-Reuters-4.0.42144-File-Permissions.html

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2020/Aug/19

Source: cve@mitre.org

ExploitMailing ListThird Party Advisory

https://sec-consult.com/en/blog/advisories/extensive-file-permissions-on-service-executable-in-eikon-thomson-reuters-cve-2019-10679/

Source: cve@mitre.org

Third Party Advisory

https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html

Source: cve@mitre.org

Third Party Advisory

https://www.thomsonreuters.com/en/products-services.html

Source: cve@mitre.org

Vendor Advisory

http://packetstormsecurity.com/files/158989/Eikon-Thomson-Reuters-4.0.42144-File-Permissions.html