Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References
Link | Resource |
---|---|
https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ | Exploit Patch Third Party Advisory |
https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 | Patch |
https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ | Exploit Patch Third Party Advisory |
https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 | Patch |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 04:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/ - Exploit, Patch, Third Party Advisory | |
References | () https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 - Patch |
Information
Published : 2019-12-24 15:15
Updated : 2024-11-21 04:35
NVD link : CVE-2019-19954
Mitre link : CVE-2019-19954
CVE.ORG link : CVE-2019-19954
JSON object : View
Products Affected
microsoft
- windows
signal
- signal-desktop
CWE
CWE-427
Uncontrolled Search Path Element