Punto Switcher
Monthly
Local privilege escalation and arbitrary code execution affects Yandex Punto Switcher through version 4.5.0.583 due to an unquoted search path passed to WinExec when launching RunDll32.exe to invoke shell32.dll's Control_RunDLL with input.dll. An authenticated local attacker who can drop an executable into an earlier directory in the Windows search order can hijack execution and run code in the context of the affected user. No public exploit identified at time of analysis, but the technique (CWE-428) is well-understood and trivially weaponized.
Local privilege escalation and arbitrary code execution affects Yandex Punto Switcher through version 4.5.0.583 due to an unquoted search path passed to WinExec when launching RunDll32.exe to invoke shell32.dll's Control_RunDLL with input.dll. An authenticated local attacker who can drop an executable into an earlier directory in the Windows search order can hijack execution and run code in the context of the affected user. No public exploit identified at time of analysis, but the technique (CWE-428) is well-understood and trivially weaponized.