Parsec Remote Desktop App is prone to a local elevation of privilege due to a logical flaw in its code integrity verific
Posted: Mon Feb 03, 2025 11:43 am
Parsec updater for Windows was prone to a local privilege escalation vulnerability, this vulnerability allowed a local user with Parsec access to gain NT_AUTHORITY/SYSTEM privileges.
The vulnerability is a time-of-check timeāof-use (TOCTOU) vulnerability. There existed a small window between verifying the signature and integrity of the update DLL and the execution of DLL main.
https://www.kb.cert.org/vuls/id/287122
The vulnerability is a time-of-check timeāof-use (TOCTOU) vulnerability. There existed a small window between verifying the signature and integrity of the update DLL and the execution of DLL main.
https://www.kb.cert.org/vuls/id/287122