Insecure Operation on Windows Junction / Mount Point

CVE-2024-7400

High

8.5/10

Summary

The vulnerability potentially allowed an attacker to misuse ESET’s file operations during the removal of a detected file on the Windows operating system to delete files without having proper permissions to do so.

Attack Complexity: LOW
Attack Vector: LOCAL
User Interaction: NONE
Privileges Required: LOW

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

The software opens a file or directory, but it does not properly prevent the name from being associated with a junction or mount point to a destination that is outside of the intended control sphere.

References

Advisory Timeline

Published Sep 27, 2024

Insecure Operation on Windows Junction / Mount Point

CVE-2024-7400

Summary

CWE-1386 - Insecure Operation on Windows Junction / Mount Point

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS