CVE-2021-41065
HIGHListary < 6 - Unauthenticated Privilege Escalation via Named Pipe Impersonation
Title source: llmDescription
An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to duplicate the victim's token to impersonate him. This exploit is valid in certain Windows versions (Microsoft has patched the issue in later Windows 10 builds).
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://www.listary.com/download
Various Sources x_refsource_misc
https://medium.com/%40tomerp_77017/exploiting-listary-searching-your-way-to-system-privileges-8175af676c3e
Scores
CVSS v3
7.3
EPSS
0.0053
EPSS Percentile
40.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-668
Status
published
Products (1)
bopsoft/listary
< 6
Published
Dec 14, 2021
Tracked Since
Feb 18, 2026