Vulnerability Description
The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pronestor | Pronestor Health Monitoring | < 8.1.12.0 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/153275/Pronestor-Health-Monitoring-Privileg
- https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28ExploitThird Party Advisory
- https://www.pronestor.comProductVendor Advisory
- http://packetstormsecurity.com/files/153275/Pronestor-Health-Monitoring-Privileg
- https://gist.github.com/povlteksttv/8f990e11576e1e90e8fb61acf8646d28ExploitThird Party Advisory
- https://www.pronestor.comProductVendor Advisory
FAQ
What is CVE-2018-19113?
CVE-2018-19113 is a vulnerability with a CVSS score of 7.3 (HIGH). The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronesto...
How severe is CVE-2018-19113?
CVE-2018-19113 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19113?
Check the references section above for vendor advisories and patch information. Affected products include: Pronestor Pronestor Health Monitoring.