CVE-2020-11613

Published: Jun 11, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.

Affected (1)

Products: Mids' Reborn Hero Designer Project: Mids' Reborn Hero Designer

Mids' Reborn Hero Designer Project

1 product

Mids' Reborn Hero Designer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mids' Reborn Hero Designer Project Mids' Reborn Hero Designer	Version 2.6.0.7

Related CWEs

Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (4)

https://github.com/Crytilis/mids-reborn-hero-designer/releases

Source: cve@mitre.org

Release NotesThird Party Advisory

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Crytilis/mids-reborn-hero-designer/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.