Vulnerability Details CVE-2020-8950
The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows allows elevation of privilege by placing a crafted file in %PROGRAMDATA%\AMD\PPC\upload and then creating a symbolic link in %PROGRAMDATA%\AMD\PPC\temp that points to an arbitrary folder with an arbitrary file name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.6%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewrite.html
- https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-in.html
- https://heynowyouseeme.blogspot.com/2020/02/another-privilege-escalation-filewrite.html
- https://heynowyouseeme.blogspot.com/2020/02/privilege-escalation-filewrite-eop-in.html
Products affected by CVE-2020-8950
-
cpe:2.3:a:amd:user_experience_program:-
-
cpe:2.3:a:amd:user_experience_program:1.0.0.1
-
cpe:2.3:o:microsoft:windows:-