February 17, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability
December 24, 2019Rewterz Threat Advisory – CVE-2019-5702 – NVIDIA Patches GeForce Experience Vulnerability
December 24, 2019Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability
December 24, 2019Rewterz Threat Advisory – CVE-2019-5702 – NVIDIA Patches GeForce Experience Vulnerability
December 24, 2019
Severity
Medium
Analysis Summary
The vulnerability exists in Dropbox for Windows and is an arbitrary file overwrite issue that can give an attacker with local user access escalated privileges to execute code as SYSTEM. DropboxUpdater is installed as part of the Dropbox client software,it runs as SYSTEM in standard installations and that “one of the dropboxupdate tasks is run every hour by the task scheduler.” Every time this is triggered, it writes a log file to a location where the SYSTEM account leaves it vulnerable to exploitation.
Impact
System Privileges
Affected Vendors
Dropbox
Affected Products
Dropbox for Windows
Remediation
Dropbox is yet to release a fix for the vulnerability.