Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)...
High severity
Unreviewed
Published
Apr 3, 2024
to the GitHub Advisory Database
•
Updated Aug 27, 2024
Description
Published by the National Vulnerability Database
Apr 3, 2024
Published to the GitHub Advisory Database
Apr 3, 2024
Last updated
Aug 27, 2024
Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary.
References