Privilege Escalation via Unprivileged File Writing in Oculus Desktop

Privilege Escalation via Unprivileged File Writing in Oculus Desktop

CVE-2020-1885 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.

Learn more about our Cis Benchmark Audit For Desktop Software.