Description
Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe executable in the %SYSTEMDRIVE% folder.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_nsclient_-_cve-2018-6384.pdf
Vendor Advisory x_refsource_confirm
https://nsclient.org/blog/2018/01/30/CVE-2018-6384-0.3.9/
Scores
CVSS v3
7.8
EPSS
0.0079
EPSS Percentile
51.3%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-428
Status
published
Products (1)
nsclient/nsclient\+\+
< 0.4.1.73
Published
Jan 31, 2018
Tracked Since
Feb 18, 2026