CVE-2020-11613
HIGH
Mids' Reborn Hero Designer - Uncontrolled Search Path
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.
References (2)
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/Crytilis/mids-reborn-hero-designer/releases
Exploit, Third Party Advisory x_refsource_misc
https://www.doyler.net/security-not-included/mids-reborn-vulnerabilities
Scores
CVSS v3
7.8
EPSS
0.0006
EPSS Percentile
17.8%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-427
CWE-732
Status
published
Products (1)
mids\'_reborn_hero_designer_project/mids\'_reborn_hero_designer
2.6.0.7
Published
Jun 11, 2020
Tracked Since
Feb 18, 2026