Описание
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
Ссылки
- Third Party Advisory
- Permissions Required
- Third Party Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1Версия до 1.0.2.0 (исключая)
Одновременно
cpe:2.3:a:google:chrome_os_readiness_tool:*:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
EPSS
Процентиль: 2%
0.00013
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
github
больше 3 лет назад
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
EPSS
Процентиль: 2%
0.00013
Низкий
7.8 High
CVSS3
4.6 Medium
CVSS2
Дефекты
CWE-287