The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due to the Windows "Everyone" group being granted SERVICE_ALL_ACCESS permissions to the CorsairService Service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
corsair corsair utility engine 3.7.99 |
||
corsair corsair utility engine 3.3.103 |
||
corsair corsair utility engine 3.4.95 |
||
corsair corsair utility engine 3.6.109 |
||
corsair corsair utility engine 3.2.87 |