Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:CVE-2020-15264
HistoryOct 20, 2020 - 9:15 p.m.

CVE-2020-15264

2020-10-2021:15:12
Google
osv.dev
5
boxstarter installer
privilege escalation
system privileges
vulnerability
dll
path environment variable

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it’ll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0

Related

prion 1
cert 1
cve 1
cvelist 1
nvd 1
prion
prion
Code injection
2020-10-20 21:15:00
cert
cert
Chocolatey Boxstarter is vulnerable to privilege escalation due to weak ACLs
2020-10-22 00:00:00
cve
cve
CVE-2020-15264
2020-10-20 21:15:12
cvelist
cvelist
CVE-2020-15264 Privilege Escalation in Boxstarter
2020-10-20 20:25:17
nvd
nvd
CVE-2020-15264
2020-10-20 21:15:12

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

21.8%

JSON
Related for OSV:CVE-2020-15264
prion1cert1cve1cvelist1nvd1