CVE-2021-25261

Description

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.

Related CPE's

ayandexyandex_browser********

omicrosoftwindows-*******

References

https://yandex.com/bugbounty/i/hall-of-fame-browser/

Vendor Advisory

CvssV3 impact

Could not find any metrics

CvssV2 impact

AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

7.199999809265137

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE

Created by Yello
About Severity.io