Vulnerability Description
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mids\' Reborn Hero Designer Project | Mids\' Reborn Hero Designer | 2.6.0.7 |
Related Weaknesses (CWE)
References
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease NotesThird Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploitThird Party Advisory
- https://github.com/Crytilis/mids-reborn-hero-designer/releasesRelease NotesThird Party Advisory
- https://www.doyler.net/security-not-included/mids-reborn-vulnerabilitiesExploitThird Party Advisory
FAQ
What is CVE-2020-11613?
CVE-2020-11613 is a vulnerability with a CVSS score of 7.8 (HIGH). Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group ...
How severe is CVE-2020-11613?
CVE-2020-11613 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11613?
Check the references section above for vendor advisories and patch information. Affected products include: Mids\' Reborn Hero Designer Project Mids\' Reborn Hero Designer.