Glary Utilities
Monthly
Local privilege escalation in Glarysoft Glary Utilities lets an already-present low-privileged attacker abuse the Disk Clean feature to delete arbitrary files and ultimately execute code as SYSTEM. Discovered and reported through the Zero Day Initiative (ZDI-26-402, ZDI-CAN-27004), it stems from the privileged cleanup service following filesystem junctions (CWE-59) planted by the attacker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but ZDI-sourced advisories are typically high-fidelity and reproducible.
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Local privilege escalation in Glarysoft Glary Utilities lets an already-present low-privileged attacker abuse the Disk Clean feature to delete arbitrary files and ultimately execute code as SYSTEM. Discovered and reported through the Zero Day Initiative (ZDI-26-402, ZDI-CAN-27004), it stems from the privileged cleanup service following filesystem junctions (CWE-59) planted by the attacker. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but ZDI-sourced advisories are typically high-fidelity and reproducible.
Untrusted search path vulnerability in the installer of Glarysoft Glary Utilities (Glary Utilities 5.99 and earlier and Glary Utilities Pro 5.99 and earlier) allows an attacker to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.