CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
CVE-2024-6260 (GCVE-0-2024-6260)
Vulnerability from cvelistv5 – Published: 2024-11-22 20:05 – Updated: 2024-12-05 14:43
VLAI
Title
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability
Summary
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321.
Severity
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
| https://www.malwarebytes.com/secure/cves | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Malwarebytes | Anti-Malware |
Affected:
4.6.6
|
Date Public
2024-09-05 18:19
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:malwarebytes:antimalware:4.6.6:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "antimalware",
"vendor": "malwarebytes",
"versions": [
{
"status": "affected",
"version": "4.6.6"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:16:06.785529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:43:46.511Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Anti-Malware",
"vendor": "Malwarebytes",
"versions": [
{
"status": "affected",
"version": "4.6.6"
}
]
}
],
"dateAssigned": "2024-06-21T21:48:25.146Z",
"datePublic": "2024-09-05T18:19:47.580Z",
"descriptions": [
{
"lang": "en",
"value": "Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T20:05:47.059Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1195",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1195/"
},
{
"name": "vendor-provided URL",
"tags": [
"vendor-advisory"
],
"url": "https://www.malwarebytes.com/secure/cves"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-6260",
"datePublished": "2024-11-22T20:05:47.059Z",
"dateReserved": "2024-06-21T21:48:25.129Z",
"dateUpdated": "2024-12-05T14:43:46.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-6868 (GCVE-0-2024-6868)
Vulnerability from cvelistv5 – Published: 2024-10-29 12:46 – Updated: 2025-10-15 12:49
VLAI
Title
Arbitrary File Write in mudler/LocalAI
Summary
mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a 'tarslip' attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server.
Severity
8.1 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mudler | mudler/localai |
Affected:
unspecified , < 2.18.1
(custom)
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mudler:localai:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "localai",
"vendor": "mudler",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-6868",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-29T13:19:07.645269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T13:33:58.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "mudler/localai",
"vendor": "mudler",
"versions": [
{
"lessThan": "2.18.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "mudler/LocalAI version 2.17.1 allows for arbitrary file write due to improper handling of automatic archive extraction. When model configurations specify additional files as archives (e.g., .tar), these archives are automatically extracted after downloading. This behavior can be exploited to perform a \u0027tarslip\u0027 attack, allowing files to be written to arbitrary locations on the server, bypassing checks that normally restrict files to the models directory. This vulnerability can lead to remote code execution (RCE) by overwriting backend assets used by the server."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-15T12:49:47.751Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/752d2376-2d9a-4e17-b462-3c267f9dd229"
},
{
"url": "https://github.com/mudler/localai/commit/a181dd0ebc5d3092fc50f61674d552604fe8ef9c"
}
],
"source": {
"advisory": "752d2376-2d9a-4e17-b462-3c267f9dd229",
"discovery": "EXTERNAL"
},
"title": "Arbitrary File Write in mudler/LocalAI"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2024-6868",
"datePublished": "2024-10-29T12:46:54.732Z",
"dateReserved": "2024-07-17T21:19:44.930Z",
"dateUpdated": "2025-10-15T12:49:47.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7227 (GCVE-0-2024-7227)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 16:55
VLAI
Title
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
Summary
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Free Antivirus |
Affected:
23.9.6082
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:free_antivirus:23.9.6082:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "free_antivirus",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "23.9.6082"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7227",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:10:17.673678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:55:56.660Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Free Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.9.6082"
}
]
}
],
"dateAssigned": "2024-07-29T20:22:38.069Z",
"datePublic": "2024-07-29T21:36:47.293Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:51.625Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1003",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1003/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7227",
"datePublished": "2024-11-22T21:11:51.625Z",
"dateReserved": "2024-07-29T20:22:38.024Z",
"dateUpdated": "2024-11-25T16:55:56.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7228 (GCVE-0-2024-7228)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-23 01:26
VLAI
Title
Avast Free Antivirus Link Following Denial-of-Service Vulnerability
Summary
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806.
Severity
6.1 (Medium)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Free Antivirus |
Affected:
23.11.6090 Build 23.11.8365.809
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7228",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-23T01:17:47.867142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-23T01:26:25.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Free Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.11.6090 Build 23.11.8365.809"
}
]
}
],
"dateAssigned": "2024-07-29T20:22:57.122Z",
"datePublic": "2024-07-29T21:36:23.106Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:37.314Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-999",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-999/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Avast Free Antivirus Link Following Denial-of-Service Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7228",
"datePublished": "2024-11-22T21:11:37.314Z",
"dateReserved": "2024-07-29T20:22:57.091Z",
"dateUpdated": "2024-11-23T01:26:25.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7229 (GCVE-0-2024-7229)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 17:03
VLAI
Title
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
Summary
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Cleanup Premium |
Affected:
23.4 (build 15592)
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:cleanup:23.4:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "cleanup",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "23.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7229",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:10:11.412159Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:03:04.735Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cleanup Premium",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.4 (build 15592)"
}
]
}
],
"dateAssigned": "2024-07-29T20:23:13.996Z",
"datePublic": "2024-07-29T21:36:41.322Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:47.802Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1002",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1002/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7229",
"datePublished": "2024-11-22T21:11:47.802Z",
"dateReserved": "2024-07-29T20:23:13.968Z",
"dateUpdated": "2024-11-25T17:03:04.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7230 (GCVE-0-2024-7230)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 17:05
VLAI
Title
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
Summary
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Cleanup Premium |
Affected:
23.4 (build 15592)
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:cleanup:23.4:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "cleanup",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "23.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7230",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:03:04.935643Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:05:55.627Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cleanup Premium",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.4 (build 15592)"
}
]
}
],
"dateAssigned": "2024-07-29T20:23:50.951Z",
"datePublic": "2024-07-29T21:36:29.198Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:40.981Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1000",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1000/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7230",
"datePublished": "2024-11-22T21:11:40.981Z",
"dateReserved": "2024-07-29T20:23:50.921Z",
"dateUpdated": "2024-11-25T17:05:55.627Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7231 (GCVE-0-2024-7231)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 17:05
VLAI
Title
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability
Summary
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Cleanup Premium |
Affected:
23.4 (build 15592)
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:cleanup:23.4:*:*:*:premium:*:*:*"
],
"defaultStatus": "unknown",
"product": "cleanup",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "23.4"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7231",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T17:02:58.631615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T17:05:55.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Cleanup Premium",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.4 (build 15592)"
}
]
}
],
"dateAssigned": "2024-07-29T20:24:11.152Z",
"datePublic": "2024-07-29T21:36:34.592Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:43.941Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1001",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1001/"
}
],
"source": {
"lang": "en",
"value": "Anonymous"
},
"title": "Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7231",
"datePublished": "2024-11-22T21:11:43.941Z",
"dateReserved": "2024-07-29T20:24:11.125Z",
"dateUpdated": "2024-11-25T17:05:55.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7232 (GCVE-0-2024-7232)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 16:56
VLAI
Title
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
Summary
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22963.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Free Antivirus |
Affected:
23.12.6094 (build 23.12.8700.813)
|
Date Public
2024-07-29 21:36
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:free_antivirus:23.12.6094:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "free_antivirus",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "23.12.6094"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7232",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:10:14.988104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:56:38.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Free Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "23.12.6094 (build 23.12.8700.813)"
}
]
}
],
"dateAssigned": "2024-07-29T20:24:25.887Z",
"datePublic": "2024-07-29T21:36:52.579Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22963."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:55.180Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1004",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1004/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky (@NZubrisky) and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7232",
"datePublished": "2024-11-22T21:11:55.180Z",
"dateReserved": "2024-07-29T20:24:25.856Z",
"dateUpdated": "2024-11-25T16:56:38.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7233 (GCVE-0-2024-7233)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:11 – Updated: 2024-11-25 16:54
VLAI
Title
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability
Summary
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23731.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Avast | Free Antivirus |
Affected:
24.2.6105 (build 24.2.8918.827)
|
Date Public
2024-07-29 21:37
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avast:free_antivirus:24.2.6105:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "free_antivirus",
"vendor": "avast",
"versions": [
{
"status": "affected",
"version": "24.2.6105"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7233",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-25T16:10:16.431163Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-25T16:54:53.562Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Free Antivirus",
"vendor": "Avast",
"versions": [
{
"status": "affected",
"version": "24.2.6105 (build 24.2.8918.827)"
}
]
}
],
"dateAssigned": "2024-07-29T20:24:48.488Z",
"datePublic": "2024-07-29T21:37:04.565Z",
"descriptions": [
{
"lang": "en",
"value": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23731."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:11:59.586Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1005",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1005/"
}
],
"source": {
"lang": "en",
"value": "Naor Hodorov"
},
"title": "Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7233",
"datePublished": "2024-11-22T21:11:59.586Z",
"dateReserved": "2024-07-29T20:24:48.461Z",
"dateUpdated": "2024-11-25T16:54:53.562Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7234 (GCVE-0-2024-7234)
Vulnerability from cvelistv5 – Published: 2024-11-22 21:12 – Updated: 2024-12-05 14:29
VLAI
Title
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability
Summary
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22260.
Severity
7.8 (High)
CWE
- CWE-59 - Improper Link Resolution Before File Access ('Link Following')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.zerodayinitiative.com/advisories/ZDI-… | x_research-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AVG | AntiVirus Free |
Affected:
23.9.8494.795
|
Date Public
2024-07-29 21:37
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avg:anti-virus:23.9.8494.795:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "anti-virus",
"vendor": "avg",
"versions": [
{
"status": "affected",
"version": "23.9.8494.795"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7234",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T15:15:19.789656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-05T14:29:22.161Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "AntiVirus Free",
"vendor": "AVG",
"versions": [
{
"status": "affected",
"version": "23.9.8494.795"
}
]
}
],
"dateAssigned": "2024-07-29T20:26:13.260Z",
"datePublic": "2024-07-29T21:37:21.043Z",
"descriptions": [
{
"lang": "en",
"value": "AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22260."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-22T21:12:10.251Z",
"orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"shortName": "zdi"
},
"references": [
{
"name": "ZDI-24-1008",
"tags": [
"x_research-advisory"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1008/"
}
],
"source": {
"lang": "en",
"value": "Nicholas Zubrisky and Michael DePlante (@izobashi) of Trend Micro\u0027s Zero Day Initiative"
},
"title": "AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
"assignerShortName": "zdi",
"cveId": "CVE-2024-7234",
"datePublished": "2024-11-22T21:12:10.251Z",
"dateReserved": "2024-07-29T20:26:13.233Z",
"dateUpdated": "2024-12-05T14:29:22.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation ID: MIT-48.1
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-132: Symlink Attack
An adversary positions a symbolic link in such a manner that the targeted user or application accesses the link's endpoint, assuming that it is accessing a file with the link's name.
CAPEC-17: Using Malicious Files
An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
CAPEC-35: Leverage Executable Code in Non-Executable Files
An attack of this type exploits a system's trust in configuration and resource files. When the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high.
CAPEC-76: Manipulating Web Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.