Vulnerabilities > CVE-2021-41065 - Exposure of Resource to Wrong Sphere vulnerability in Bopsoft Listary

047910
CVSS 7.3 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
bopsoft
CWE-668

Summary

An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).

Vulnerable Configurations

Part Description Count
Application
Bopsoft
1

Common Weakness Enumeration (CWE)