← Back

Mids' Reborn Hero Designer

mids'_reborn_hero_designer

Vendor: Mids' Reborn Hero Designer Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-11614
1Mids' Reborn Hero Designer Project
1Mids' Reborn Hero Designer
Nov 21, 2024
Jun 11, 2020
N/A· v4
8.1 HIGH· v3
6.8 MEDIUM· v2
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attack...Show more
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.Show less
CVE-2020-11613
1Mids' Reborn Hero Designer Project
1Mids' Reborn Hero Designer
Nov 21, 2024
Jun 11, 2020
N/A· v4
7.8 HIGH· v3
4.4 MEDIUM· v2
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissio...Show more
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.Show less