Description
Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://vuldb.com/?id.135671
Scores
CVSS v3
7.8
EPSS
0.0058
EPSS Percentile
43.0%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-354
Status
published
Products (1)
progress/fiddler
5.0.20182.28034
Published
Jun 03, 2019
Tracked Since
Feb 18, 2026