CVE-2020-10733 – The Windows installer for PostgreSQL 9.5 – 12 invokes system-provided executables that do …

16 September 2020

Vuln ID: CVE-2020-10733

Published: 2020-09-16 15:15:12Z

Description: The Windows installer for PostgreSQL 9.5 – 12 invokes system-provided executables that do not have fully-qualified paths. Executables in the directory where the installer loads or the current working directory take precedence over the intended executables. An attacker having permission to add files into one of those directories can use this to execute arbitrary code with the installer’s administrative rights.

Source: NVD.NIST.GOV

Date:

16 September 2020

Categorie(s):

NVD

Tag(s):

NVD

Overcoming GenAI challenges in healthcare cybersecurity25 April 2024
25 cybersecurity AI stats you should know25 April 2024
73% of SME security pros missed or ignored critical alerts25 April 2024
Battening down the hatches: Navigating third-party cyber threats 25 April 2024
Australia’s spies and cops want ‘accountable encryption’ – aka access to backdoors25 April 2024