CVE-2021-41334
published 2021-10-13CVE-2021-41334: Windows Desktop Bridge Elevation of Privilege Vulnerability
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
Windows Desktop Bridge Elevation of Privilege Vulnerability
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| astropy | astropy | >= 0 < 5.3.3 | 5.3.3 |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1288 | 10.0.19042.1288 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1288 | 10.0.19043.1288 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.258 | 10.0.22000.258 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.288 | 10.0.20348.288 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1288 | 10.0.19041.1288 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19042.1288 | 10.0.19042.1288 |
| msrc | windows_10_version_2004_for_32-bit_systems | — | — |
| msrc | windows_10_version_2004_for_arm64-based_systems | — | — |
| msrc | windows_10_version_2004_for_x64-based_systems | — | — |
| msrc | windows_10_version_20h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_20h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h1_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h1_for_arm64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_version_2004 | — | — |
| msrc | windows_server_version_20h2 | — | — |
Microsoft
Windows Desktop Bridge Elevation of Privilege Vulnerability
vendor_msrc·2021-10-12·CVSS 7.0
CVE-2021-41334 [HIGH] Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop Bridge: Windows Desktop Bridge
Microsoft: Microsoft
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006670
Reference: https://support.microsoft.com/help/5006670
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006699
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5006674
GHSA
RCE in TranformGraph().to_dot_graph function
ghsa·2024-03-18
CVE-2023-41334 [HIGH] CWE-74 RCE in TranformGraph().to_dot_graph function
RCE in TranformGraph().to_dot_graph function
### Summary
RCE due to improper input validation in TranformGraph().to_dot_graph function
### Details
Due to improper input validation a malicious user can provide a command or a script file as a value to `savelayout` argument, which will be placed as the first value in a list of arguments passed to `subprocess.Popen`.
https://github.com/astropy/astropy/blob/9b97d98802ee4f5350a62b681c35d8687ee81d91/astropy/coordinates/transformations.py#L539
Although an error will be raised, the command or script will be executed successfully.
### PoC
```shell
$ cat /tmp/script
#!/bin/bash
echo astrorce > /tmp/poc.txt
```
```shell
$ python3
Python 3.9.2 (default, Feb 28 2021, 17:03:44)
[GCC 10.2.1 20210110] on linux
Type "help", "copyright", "credits" or "l
GHSA
GHSA-cp6h-5pcm-v6v4: Windows Desktop Bridge Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-41334 [HIGH] CWE-269 GHSA-cp6h-5pcm-v6v4: Windows Desktop Bridge Elevation of Privilege Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-10-13
Published