HTC VIVEPORT Remote Code Execution Vulnerability

Summary

Privilege escalation in the “HTC Account Service” and “ViveportDesktopService” in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges to SYSTEM via reconfiguration of either service.

Credit:

The information has been provided by Joshua Arnold

The original article can be found at:https://huskersec.com/privilege-escalation-via-htc-viveport-desktop-c93471ff87c8


Details

HTC VIVEPORT  is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • HTC VIVEPORT before 1.0.0.36

CVE Information:

CVE-2019-12176

Disclosure Timeline:
Publish Date:06/03/2019

Categories: News