Note:
This project will be discontinued after December 13, 2021. [more]
2019-12-24
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
Products | Signal\-Desktop |
Type | Improper Privilege Management (CWE-269) |
First patch | - None (likely due to unavailable code) |
Links |
• https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/
• https://github.com/signalapp/Signal-Desktop/commit/2da39cca673cc11be3c6d70d4fb95889f9ab6688 |