Vulnerability Description
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Amd | User Experience Program | <= 1.0.0.1 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewriExploitThird Party Advisory
- https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-iExploitThird Party Advisory
- https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewriExploitThird Party Advisory
- https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-iExploitThird Party Advisory
FAQ
What is CVE-2020-8950?
CVE-2020-8950 is a vulnerability with a CVSS score of 7.8 (HIGH). The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then crea...
How severe is CVE-2020-8950?
CVE-2020-8950 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-8950?
Check the references section above for vendor advisories and patch information. Affected products include: Amd User Experience Program, Microsoft Windows.