AnyDesk 7.0.9 allows a local user to gain SYSTEM...
High severity
Unreviewed
Published
Jul 19, 2022
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Description
Published by the National Vulnerability Database
Jul 18, 2022
Published to the GitHub Advisory Database
Jul 19, 2022
Last updated
Jan 27, 2023
AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder (used for ad.trace and chat) but the product runs as SYSTEM when writing chat-room data there.
References