CVE-2019-10679
Description
Thomson Reuters Eikon 4.0.42144 allows all local users to modify the service executable file because of weak %PROGRAMFILES(X86)%\Thomson Reuters\Eikon permissions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
- Thomson Reuters/Eikon
- Range: = 4.0.42144
Patches
Vulnerability mechanics
Root cause
"Weak file-system permissions on the service executable directory allow any authenticated user to overwrite the service binary."
Attack vector
An unprivileged local user who is a member of the Authenticated Users group can write to the directory C:\Program Files (x86)\Thomson Reuters\Eikon [ref_id=1]. Because the service runs with SYSTEM privileges, replacing the executable with a malicious binary causes the operating system to execute the attacker's code at the next service start, resulting in full privilege escalation [ref_id=1]. No network access or special authentication beyond a valid local logon is required.
Affected code
The vulnerable component is the service executable file located in C:\Program Files (x86)\Thomson Reuters\Eikon [ref_id=1]. The advisory does not name a specific executable filename or function; the defect is in the file-system ACLs applied to the entire installation directory, which grant write access to the Authenticated Users group [ref_id=1].
What the fix does
The advisory states that the vendor did not release a patch and did not respond to follow-up requests [ref_id=1]. The recommended remediation is to restrict write permissions on the Eikon directory to administrative users only, and to run the application on a separate system accessible via RDP rather than on a shared domain-joined workstation [ref_id=1].
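Restricting write access first requires knowing which ACEs grant it. The PowerShell script below is an added example, not code from the advisory or the vendor: it lists every non-administrative principal holding write-capable rights on the Eikon directory and its contents. The default path comes from the CVE description; the function name `Get-WeakWriteAce` and the trusted-SID list are assumptions made for illustration.

```powershell
# Added audit example (not vendor or advisory code).
# Assumption: default install path from the CVE description; override with -Path.
param(
    [string]$Path = (Join-Path ${env:ProgramFiles(x86)} 'Thomson Reuters\Eikon')
)

# Principals expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
$TrustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that let a principal replace or re-permission a file,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$R = [System.Security.AccessControl.FileSystemRights]
$WriteMask = [int]($R::WriteData -bor $R::AppendData -bor $R::Delete -bor
                   $R::DeleteSubdirectoriesAndFiles -bor $R::ChangePermissions -bor
                   $R::TakeOwnership) -bor 0x40000000 -bor 0x10000000

function Get-WeakWriteAce {
    param([Parameter(Mandatory)][string]$Target)
    $items = @(Get-Item -LiteralPath $Target) +
             @(Get-ChildItem -LiteralPath $Target -Recurse -Force -ErrorAction SilentlyContinue)
    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction SilentlyContinue
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only ACEs do not apply to this object; children are checked on their own.
            if ($ace.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            if (-not ([int]$ace.FileSystemRights -band $WriteMask)) { continue }
            # Compare by SID so the check works on localized Windows builds.
            try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { $sid = $ace.IdentityReference.Value }
            if ($TrustedSids -contains $sid) { continue }
            [pscustomobject]@{
                Path = $item.FullName; Identity = $ace.IdentityReference.Value
                Sid  = $sid; Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

Get-WeakWriteAce -Target $Path | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
```

Any row whose SID is `S-1-5-11` (Authenticated Users) matches the condition this CVE describes; an empty result means no non-administrative write ACE was found on the objects the script could read.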
Preconditions
- auth: Attacker must be a local user on the Windows system where Eikon is installed.
- config: The directory %PROGRAMFILES(X86)%\Thomson Reuters\Eikon must have weak permissions allowing Authenticated Users to modify files (the default vulnerable configuration).
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- packetstormsecurity.com/files/158989/Eikon-Thomson-Reuters-4.0.42144-File-Permissions.html (mitre, x_refsource_MISC)
- seclists.org/fulldisclosure/2020/Aug/19 (mitre, mailing-list, x_refsource_FULLDISC)
- sec-consult.com/en/blog/advisories/extensive-file-permissions-on-service-executable-in-eikon-thomson-reuters-cve-2019-10679/ (mitre, x_refsource_MISC)
- www.sec-consult.com/en/vulnerability-lab/advisories/index.html (mitre, x_refsource_MISC)
- www.thomsonreuters.com/en/products-services.html (mitre, x_refsource_MISC)