CVE-2019-19954
HIGHSignal Desktop < 1.29.1 - Uncontrolled Search Path Element via Trojan Horse wmic.exe
Title source: llmDescription
Signal Desktop before 1.29.1 on Windows allows local users to gain privileges by creating a Trojan horse %SYSTEMDRIVE%\node_modules\.bin\wmic.exe file.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://blog.mirch.io/2019/12/18/signal-desktop-windows-lpe/
Scores
CVSS v3
7.3
EPSS
0.0048
EPSS Percentile
37.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
Status
published
Products (1)
signal/signal-desktop
< 1.29.1
Published
Dec 24, 2019
Tracked Since
Feb 18, 2026