Weak Permissions in Quest Toad for Data Analysts 3.0.1 Allow Privilege Escalation via Trojan Horse File

Weak Permissions in Quest Toad for Data Analysts 3.0.1 Allow Privilege Escalation via Trojan Horse File

CVE-2012-0279 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: Full Control) for the %COMMONPROGRAMFILES%\Quest Shared directory, which allows local users to gain privileges via a Trojan horse file.

Learn more about our User Device Pen Test.