CVE-2020-15401

Published: Jun 30, 2020Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.

Affected (1)

Products: Iobit: Malware Fighter

Iobit

1 product

Malware Fighter

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iobit Malware Fighter	Version 8.0.2.547

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (2)

http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html

Source: cve@mitre.org

ExploitThird Party Advisory

http://daniels-it-blog.blogspot.com/2020/06/when-your-anti-virus-turns-against-you.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.