vendor:
by:
N/A
CVSS
HIGH
Low Privilege File Hijack
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows
Low Privilege File Hijack Vulnerability
This vulnerability allows low privileged users to hijack files owned by NT AUTHORITYSYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privileged user. The exploit involves checking if the targeted file exists, killing Microsoft Edge to access the settings.dat file, deleting the settings.dat file to create a hardlink to the targeted file, and triggering the vulnerability by restarting Microsoft Edge. Finally, a check is performed to verify that the current user has "Full Control" permissions.
Mitigation:
To mitigate this vulnerability, ensure that low privileged users do not have the ability to modify file permissions or access sensitive files.