EIP-2026-117006

PRE-CVE

Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117006. PoCs published by LiquidWorm.

AI-analyzed exploit summary The writeup describes an insecure file permissions vulnerability in Crouzet em4 soft and M3 soft, where the 'Everyone' group has the 'Change' permission on executable files, allowing authenticated users to replace them with malicious binaries for privilege escalation.

Description

Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textlocalwindows

https://www.exploit-db.com/exploits/39510

View Code ZIP pw:eip

The writeup describes an insecure file permissions vulnerability in Crouzet em4 soft and M3 soft, where the 'Everyone' group has the 'Change' permission on executable files, allowing authenticated users to replace them with malicious binaries for privilege escalation.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Crouzet em4 soft (1.1.04, 1.1.03.01) and M3 soft (3.1.2.0)

Auth required

Prerequisites: Authenticated access to the system · Ability to modify files in the installation directory

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026