Japan Vulnerability NotesJVN:63898867JVN#63898867: Applications that use the Windows Help function may be vulnerable to privilege escalation
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
9.5%
Applications or Services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resrouces on the system.
This issue may occur in applications or services where the Help function is not called in a secure manner. An example of this is when Anti-virus software or a personal firewall is running on the local system with the privileges of an administrator on the local system, and has an interface to “communicate” with the user.
Impact
A user may gain unauthorized access to resources on the system.
Solution
Refer to the “Vendor Status” section below for Solution information on each application.
Products Affected
For information on Products Affected, please refer to the “Vendor Status” section below.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
9.5%