Skip to content

Clario through 2024-04-11 for Windows Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.

Notifications You must be signed in to change notification settings

Alaatk/CVE-2024-34474

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 

Repository files navigation

CVE-2024-34474

Clario through 2024-04-11 for Windows Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.

Description:

Clario for Windows desktop application attempts to load non existent DLLs libraries from C:\ProgramData\Clario\ and C:\ProgramData\Clario\Engines\ when a user performs an Antivirus scan. The DLL files do not exist and this process is invoked with SYSTEM privileges even if a non admin performs it. By default, on windows systems, any authenticated users can create files/Folders under the c:\ProgramData\Clario path. A user with low privileges can create the DLL files under C:\ProgramData\Clario\ and C:\ProgramData\Clario\Engines\ to execute arbitrary code of their choice resulting in elevation of Privileges to the SYSTEM rights.

Affected versions

Clario versions through 2024-04-11

Impacted service(s)

Insecure Folders: C:\ProgramData\Clario\ & C:\ProgramData\Clario\Engines\

Service: ClarioService.exe

DLL loaded from world-writable directory

Alt text

Discovered by:

Alaa Kachouh

About

Clario through 2024-04-11 for Windows Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published