Ad Miner
Monthly
Unsafe deserialization in AD-Security AD_Miner 1.9.0 allows a local low-privilege attacker to achieve code execution by supplying a crafted serialized payload as the sys.argv[1] argument to the Cache Handler's request_a function in analyse_cache.py. The attack is strictly local with no network exposure, and impacts confidentiality, integrity, and availability at a low level within the vulnerable process. No public exploit has been identified; an upstream fix exists as GitHub PR #239 but awaits acceptance, meaning no released patched version is currently available.
Unsafe deserialization in AD-Security AD_Miner 1.9.0 allows a local low-privilege attacker to achieve code execution by supplying a crafted serialized payload as the sys.argv[1] argument to the Cache Handler's request_a function in analyse_cache.py. The attack is strictly local with no network exposure, and impacts confidentiality, integrity, and availability at a low level within the vulnerable process. No public exploit has been identified; an upstream fix exists as GitHub PR #239 but awaits acceptance, meaning no released patched version is currently available.