MindManager 23 – full disclosure

Posted by Pawel Karwowski via Fulldisclosure on Apr 19Resending! Thank you for your efforts.

GitHub – pawlokk/mindmanager-poc: public disclosure<https://github.com/pawlokk/mindmanager-poc>

Affected application: MindManager23_setup.exe

Platform: Windows

Issue: Local Privilege Escalation via MSI installer Repair Mode (EXE hijacking race condition)

Discovered and reported by: Pawel Karwowski and Julian Horoszkiewicz (Eviden Red Team)

Proposed mitigation:…Full DisclosureRead More