Published: 12/02/2020 Updated: 19/02/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

The AUEPLauncher service in Radeon AMD User Experience Program Launcher up to and including 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.

Vulnerable Product	Search on Vulmon	Subscribe to Product
amd user_experience_program

CVE-2020-8950 AMD User Experience Program Launcher from Radeon Software Privilege Escalation ( FileWrite eop)

amd_eop_poc (CVE-2020-8950) AMD User Experience Program Launcher from Radeon Software Privilege Escalation (FileWrite eop) Read the notetxt heynowyouseemeblogspotcom/2020/02/privilege-escalation-filewrite-eop-inhtml heynowyouseemeblogspotcom/2020/02/another-privilege-escalation-filewritehtml @404death

CWE-59 https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewrite.html https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-in.html https://nvd.nist.gov https://github.com/sailay1996/amd_eop_poc

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-8950

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect