Security & Vulnerability Researcher / Professional Penetration Tester

CVE-2020-27644 - 1E - Unquoted Search Path or Element

The Inventory module of the 1E Client doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious file called cryptbase.dll to the C:\Windows\Temp.

1E Security Advisory

buy me a coffee