Rewterz

Rewterz Threat Advisory – CVE-2019-19781 – Citrix Application Delivery Controller and Citrix Gateway RCE Vulnerability

December 24, 2019
Rewterz

Rewterz Threat Advisory – CVE-2019-5702 – NVIDIA Patches GeForce Experience Vulnerability

December 24, 2019

Rewterz Threat Advisory – Dropbox For Windows Zero-Day Vulnerability

Severity

Medium

Analysis Summary

The vulnerability exists in Dropbox for Windows and is an arbitrary file overwrite issue that can give an attacker with local user access escalated privileges to execute code as SYSTEM. DropboxUpdater is installed as part of the Dropbox client software,it runs as SYSTEM in standard installations and that “one of the dropboxupdate tasks is run every hour by the task scheduler.” Every time this is triggered, it writes a log file to a location where the SYSTEM account leaves it vulnerable to exploitation.

DropboxEoP-decoder0.jpg

Impact

System Privileges

Affected Vendors

Dropbox

Affected Products

Dropbox for Windows

Remediation

Dropbox is yet to release a fix for the vulnerability.

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.