Local privilege escalation in ANSSI’s DFIR-ORC
Description
Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and executed from that location with administrative privileges, the malicious library can be loaded automatically, allowing the attacker to gain administrator privileges on the affected machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
2- www.incibe.es/en/incibe-cert/notices/aviso/local-privilege-escalation-anssis-dfir-orcmitrepatch
- github.com/DFIR-ORC/dfir-orc/releases/tag/v10.3.0mitrevendor-advisorypatch
News mentions
0No linked articles in our index yet.