Untrusted Search Path Vulnerability in MagicConnect Client Installer Allows Privilege Escalation and Remote Code Execution

Untrusted Search Path Vulnerability in MagicConnect Client Installer Allows Privilege Escalation and Remote Code Execution

CVE-2021-20674 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Untrusted search path vulnerability in Installer of MagicConnect Client program distributed before 2021 March 1 allows an attacker to gain privileges and via a Trojan horse DLL in an unspecified directory and to execute arbitrary code with the privilege of the user invoking the installer when a terminal is connected remotely using Remote desktop.

Learn more about our Cis Benchmark Audit For Desktop Software.