NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic link attack on enumusb.reg via Support Assistant.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Link | Tags |
---|---|
https://herolab.usd.de/security-advisories/ | third party advisory |
https://herolab.usd.de/security-advisories/usd-2020-0038/ | third party advisory exploit |