Mids' Reborn Hero Designer Project

mids'_reborn_hero_designer_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Mids' Reborn Hero Designer

mids'_reborn_hero_designer

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-11614 1Mids' Reborn Hero Designer Project 1Mids' Reborn Hero Designer Nov 21, 2024 Jun 11, 2020 N/A· v4 8.1 HIGH· v3 6.8 MEDIUM· v2 Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attack...Show more Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.Show less
CVE-2020-11613 1Mids' Reborn Hero Designer Project 1Mids' Reborn Hero Designer Nov 21, 2024 Jun 11, 2020 N/A· v4 7.8 HIGH· v3 4.4 MEDIUM· v2 Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissio...Show more Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-11614

1Mids' Reborn Hero Designer Project

1Mids' Reborn Hero Designer

Nov 21, 2024

Jun 11, 2020

N/A· v4

8.1 HIGH· v3

6.8 MEDIUM· v2

Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.Show less

CVE-2020-11613

1Mids' Reborn Hero Designer Project

1Mids' Reborn Hero Designer

Nov 21, 2024

Jun 11, 2020

N/A· v4

7.8 HIGH· v3

4.4 MEDIUM· v2

Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.Show less