Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
Link | Resource |
---|---|
https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ | Exploit Patch Third Party Advisory |
https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 | Patch |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2019-12-24 15:15
Updated : 2024-02-28 17:28
NVD link : CVE-2019-19954
Mitre link : CVE-2019-19954
CVE.ORG link : CVE-2019-19954
JSON object : View
Products Affected
signal
- signal-desktop
microsoft
- windows
CWE
CWE-427
Uncontrolled Search Path Element