CWE-59
AllowedImproper Link Resolution Before File Access ('Link Following')
Abstraction: Base · Status: Draft
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
1987 vulnerabilities reference this CWE, most recent first.
CVE-2024-13962 (GCVE-0-2024-13962)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:20 – Updated: 2025-05-09 17:21- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | CleanUp Premium |
Affected:
24.2.16593.17810
Unaffected: 24.3.17165.19178 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13962",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T17:15:51.871672Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T17:21:48.110Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"64 bit"
],
"product": "CleanUp Premium",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "24.2.16593.17810"
},
{
"status": "unaffected",
"version": "24.3.17165.19178"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vladislav Berghici of Trend Micro"
},
{
"lang": "en",
"type": "reporter",
"value": "Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:20:51.310Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpgrade to Avast Cleanup Premium 24.3.17165.19178 or newer\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to Avast Cleanup Premium 24.3.17165.19178 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Link Following Local Privilege Escalation Vulnerability in Avast Cleanup Premium Version 24.2.16593.17810",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13962",
"datePublished": "2025-05-09T15:20:51.310Z",
"dateReserved": "2025-05-09T14:58:02.642Z",
"dateUpdated": "2025-05-09T17:21:48.110Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13961 (GCVE-0-2024-13961)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:20 – Updated: 2025-05-09 17:38| Vendor | Product | Version | |
|---|---|---|---|
| Avast | CleanUp Premium |
Affected:
24.2.16593.17810
Unaffected: 24.3.17165.19178 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T17:22:42.929327Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T17:38:53.172Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "CleanUp Premium",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "24.2.16593.17810"
},
{
"status": "unaffected",
"version": "24.3.17165.19178"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vladislav Berghici of Trend Micro Research"
},
{
"lang": "en",
"type": "reporter",
"value": "Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
},
{
"capecId": "CAPEC-549",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-549 Local Execution of Code"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:20:42.493Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate to Avast Cleanup Premium 24.3.17165.19178 or newer\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update to Avast Cleanup Premium 24.3.17165.19178 or newer"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Avast Cleanup Premium TuneupSvc Link Following Local Privilege Escalation Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13961",
"datePublished": "2025-05-09T15:20:42.493Z",
"dateReserved": "2025-05-09T14:44:31.333Z",
"dateUpdated": "2025-05-09T17:38:53.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13960 (GCVE-0-2024-13960)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:20 – Updated: 2025-05-09 18:54{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13960",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T18:44:05.012314Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T18:54:22.055Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows"
],
"product": "TuneUp",
"vendor": "AVG",
"versions": [
{
"status": "affected",
"version": "23.4",
"versionType": "custom"
},
{
"status": "unaffected",
"version": "24.1 31.7.2024",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"value": "Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:20:29.660Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ev24.1 31.7.2024 or newer.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update to v24.1 31.7.2024 or newer."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Link Following Local Privilege Escalation Vulnerability in AVG TuneUp Version 23.4",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13960",
"datePublished": "2025-05-09T15:20:29.660Z",
"dateReserved": "2025-05-09T14:22:25.969Z",
"dateUpdated": "2025-05-09T18:54:22.055Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13959 (GCVE-0-2024-13959)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:20 – Updated: 2025-05-09 19:02- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13959",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T18:58:19.475331Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:02:14.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "TuneUp",
"vendor": "AVG",
"versions": [
{
"status": "affected",
"version": "24.2.16593.9844"
},
{
"status": "unaffected",
"version": "24.3.17165.10564"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vladislav Berghici of Trend Micro"
},
{
"lang": "en",
"type": "reporter",
"value": "Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory"
}
],
"value": "Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:20:18.308Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn upgrade was released on 11.12.2024 in version AVG TuneUp 24.3.17165.10564, upgrade to this or later version.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "An upgrade was released on 11.12.2024 in version AVG TuneUp 24.3.17165.10564, upgrade to this or later version."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Link Following Local Privilege Escalation Vulnerability in AVG TuneUp 24.2.16593.9844",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13959",
"datePublished": "2025-05-09T15:20:18.308Z",
"dateReserved": "2025-05-09T14:11:28.564Z",
"dateUpdated": "2025-05-09T19:02:14.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13944 (GCVE-0-2024-13944)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:18 – Updated: 2025-10-13 09:52{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13944",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:08:47.247841Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:09:17.086Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "Norton Utilities Ultimate",
"vendor": "Norton",
"versions": [
{
"lessThanOrEqual": "24.3.17165.6812",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "CleanUp",
"vendor": "Avast",
"versions": [
{
"lessThanOrEqual": "24.3.17165.19178",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"platforms": [
"Windows",
"64 bit"
],
"product": "TuneUp",
"vendor": "AVG",
"versions": [
{
"lessThanOrEqual": "24.3.17165.10564",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Vladislav Berghici of Trend Micro Research"
},
{
"lang": "en",
"type": "reporter",
"value": "Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack.\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-13T09:52:21.123Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUpgrade to the below versions, or newer, released 19/Dec/2024\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eNorton Utilities 24.3 SU1 - 24.3.17165.6812\u003c/li\u003e\u003cli\u003eAvast Cleanup 24.3-SU1 - 24.3.17165.19178\u003c/li\u003e\u003cli\u003eAVG TuneUp 24.3-SU1 - 24.3.17165.10564\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "Upgrade to the below versions, or newer, released 19/Dec/2024\n\n\n\n * Norton Utilities 24.3 SU1 - 24.3.17165.6812\n * Avast Cleanup 24.3-SU1 - 24.3.17165.19178\n * AVG TuneUp 24.3-SU1 - 24.3.17165.10564"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate (Also affects Avast CleanUp and AVG TuneUp)",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13944",
"datePublished": "2025-05-09T15:18:34.124Z",
"dateReserved": "2025-05-06T10:24:53.516Z",
"dateUpdated": "2025-10-13T09:52:21.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13759 (GCVE-0-2024-13759)
Vulnerability from cvelistv5 – Published: 2025-05-09 15:20 – Updated: 2025-05-09 19:07- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13759",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-09T19:03:58.226453Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T19:07:12.574Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"platforms": [
"wind",
"64 bit"
],
"product": "Prime",
"vendor": "Avira",
"versions": [
{
"lessThanOrEqual": "1.1.96.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Anonymous working with Trend Micro Zero Day Initiative"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64\u0026nbsp; allows local attackers to gain system-level privileges via arbitrary file deletion"
}
],
"value": "Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64\u00a0 allows local attackers to gain system-level privileges via arbitrary file deletion"
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-09T15:20:02.750Z",
"orgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"shortName": "NLOK"
},
"references": [
{
"url": "https://www.gendigital.com/us/en/contact-us/security-advisories/)"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade to the lastest version of Avira Prime"
}
],
"value": "Upgrade to the lastest version of Avira Prime"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Local Privilege Escalation in Avira Prime 1.1.96.2 on Windows 10 x64",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dbd8429d-f261-4b1e-94cc-ae3132817e2e",
"assignerShortName": "NLOK",
"cveId": "CVE-2024-13759",
"datePublished": "2025-05-09T15:20:02.750Z",
"dateReserved": "2025-01-28T13:35:21.915Z",
"dateUpdated": "2025-05-09T19:07:12.574Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-13043 (GCVE-0-2024-13043)
Vulnerability from cvelistv5 – Published: 2024-12-30 20:12 – Updated: 2024-12-30 23:05- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Panda Security | Dome |
Affected:
22.02.01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-13043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-30T23:00:50.880427Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T23:05:54.331Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Dome",
"vendor": "Panda Security",
"versions": [
{
"status": "affected",
"version": "22.02.01"
}
]
}
],
"dateAssigned": "2024-12-30T15:37:55.544Z",
"datePublic": "2024-12-30T18:02:38.259Z",
"descriptions": [
{
"lang": "en",
"value": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T20:12:46.300Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1727",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1727/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Panda Security Dome Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-13043",
"datePublished": "2024-12-30T20:12:46.300Z",
"dateReserved": "2024-12-30T15:37:55.510Z",
"dateUpdated": "2024-12-30T23:05:54.331Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12905 (GCVE-0-2024-12905)
Vulnerability from cvelistv5 – Published: 2025-03-27 16:25 – Updated: 2025-11-03 19:29| URL | Tags |
|---|---|
| https://github.com/mafintosh/tar-fs/commit/a1dd7e… | patch |
| https://www.seal.security/blog/a-link-to-the-past… | technical-description |
| https://lists.debian.org/debian-lts-announce/2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T18:21:53.061002Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T18:25:53.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:11.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00012.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://registry.npmjs.org",
"defaultStatus": "unaffected",
"packageName": "tar-fs",
"programFiles": [
"index.js"
],
"repo": "https://github.com/mafintosh/tar-fs",
"versions": [
{
"changes": [
{
"at": "1.16.4",
"status": "unaffected"
}
],
"lessThan": "1.16.4",
"status": "affected",
"version": "0.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "2.1.2",
"status": "unaffected"
}
],
"lessThan": "2.1.2",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
},
{
"changes": [
{
"at": "3.0.8",
"status": "unaffected"
}
],
"lessThan": "3.0.8",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "@bnbdr"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u003cstrong\u003eImproper Link Resolution Before File Access (\"Link Following\")\u003c/strong\u003e and \u003cstrong\u003eImproper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\")\u003c/strong\u003e. This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with \u003ccode\u003eindex.js\u003c/code\u003e in the \u003ccode\u003etar-fs\u003c/code\u003e package.\u003cp\u003e\u003c/p\u003e\u003cp\u003eThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.\u003c/p\u003e"
}
],
"value": "An Improper Link Resolution Before File Access (\"Link Following\") and Improper Limitation of a Pathname to a Restricted Directory (\"Path Traversal\"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package.\n\nThis issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
},
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-20T15:42:44.814Z",
"orgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"shortName": "seal"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/mafintosh/tar-fs/commit/a1dd7e7c7f4b4a8bd2ab60f513baca573b44e2ed"
},
{
"tags": [
"technical-description"
],
"url": "https://www.seal.security/blog/a-link-to-the-past-uncovering-a-new-vulnerability-in-tar-fs"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22e2d327-25fe-45d7-9f0c-dcd23b7108df",
"assignerShortName": "seal",
"cveId": "CVE-2024-12905",
"datePublished": "2025-03-27T16:25:34.410Z",
"dateReserved": "2024-12-23T13:53:01.494Z",
"dateUpdated": "2025-11-03T19:29:11.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-12754 (GCVE-0-2024-12754)
Vulnerability from cvelistv5 – Published: 2024-12-30 16:51 – Updated: 2024-12-31 19:09- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12754",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-31T19:08:52.110090Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-31T19:09:11.684Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AnyDesk",
"vendor": "AnyDesk",
"versions": [
{
"status": "affected",
"version": "8.0.9.0"
}
]
}
],
"dateAssigned": "2024-12-18T16:30:30.403Z",
"datePublic": "2024-12-19T19:25:46.903Z",
"descriptions": [
{
"lang": "en",
"value": "AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T16:51:19.468Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1711",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1711/"
}
],
"source": {
"lang": "en",
"value": "Naor Hodorov"
},
"title": "AnyDesk Link Following Information Disclosure Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12754",
"datePublished": "2024-12-30T16:51:19.468Z",
"dateReserved": "2024-12-18T16:30:30.396Z",
"dateUpdated": "2024-12-31T19:09:11.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12753 (GCVE-0-2024-12753)
Vulnerability from cvelistv5 – Published: 2024-12-30 20:14 – Updated: 2025-01-09 19:26- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.foxit.com/support/security-bulletins.html | vendor-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| Foxit | PDF Reader |
Affected:
2024.2.3.25184
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12753",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T15:56:18.843559Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T19:26:22.102Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "PDF Reader",
"vendor": "Foxit",
"versions": [
{
"status": "affected",
"version": "2024.2.3.25184"
}
]
}
],
"dateAssigned": "2024-12-18T16:29:58.808Z",
"datePublic": "2024-12-30T18:15:18.999Z",
"descriptions": [
{
"lang": "en",
"value": "Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-30T20:14:13.391Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1739",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1739/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.foxit.com/support/security-bulletins.html"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-12753",
"datePublished": "2024-12-30T20:14:13.391Z",
"dateReserved": "2024-12-18T16:29:58.802Z",
"dateUpdated": "2025-01-09T19:26:22.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation MIT-48.1
Strategy: Separation of Privilege
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.