CVE-2021-41065 - An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryServi

CVE-2021-41065

Summary

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).

References

https://medium.com/@tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
https://www.listary.com/download

Vulnerable Configurations

cpe:2.3:a:bopsoft:listary:*:*:*:*:*:*:*:*
cpe:2.3:a:bopsoft:listary:*:*:*:*:*:*:*:*

CVSS

Base:	4.4 (as of 20-12-2021 - 14:08)
Impact:
Exploitability:

CWE

CWE-668

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:M/Au:N/C:P/I:P/A:P

Last major update

20-12-2021 - 14:08

Published

14-12-2021 - 16:15

Last modified

20-12-2021 - 14:08